Black Duck’s product release round-up: faster fixes, smarter security
Black Duck product updates include faster scans, smarter prioritization, and tighter integrations that keep development and security in step. The new GitHub app automates scanning and issue remediation, and Polaris improves risk scoring and governance. CI/CD automation is extended to the major platforms, with AI-driven fixes and a better developer experience. Software supply chain security gains SPDX 3.0 support and expanded language coverage.

2025-10-27 12:0:0 Author: securityboulevard.com

Your teams move fast—and your security needs to keep up.

This quarter, updates to the Black Duck portfolio include faster scans, smarter prioritization, and tighter integrations that keep security in step with modern development.

Watch the full video below for a deeper dive into everything new.

Security where you work

Developers live in GitHub, so we brought security to them.

The new Black Duck® Security GitHub app lets teams automate Black Duck Polaris™ Platform, Black Duck® SCA, and Coverity® Static Analysis scans directly within their repositories.

You can run SAST and SCA scans automatically on every commit, block risky merges with policies, and view findings right in pull requests—so issues are caught and fixed early.

The result: developers stay focused, AppSec gets visibility, and everyone ships faster.

From alert fatigue to action in Polaris

Polaris now helps teams cut through noise with better prioritization and governance.

New risk-scoring and policy filters highlight what’s truly exploitable, while issue exclusions and smarter SBOM editing reduce false positives.

Instead of chasing alerts, your teams can focus on what matters most—and fix it fast.

AppSec automation that keeps up with DevOps

Security shouldn’t slow your pipelines.

With expanded automation across Jenkins, GitHub, GitLab, Azure DevOps, and Bitbucket, Polaris fAST Dynamic now triggers scans automatically and enforces policy-based pass/fail gates. And with Coverity Fail Pull Requests Support in GitHub, risky code can be blocked before it ever gets merged.

That’s guardrails at release speed.

AI-powered fixes and smarter developer experience

Meet Black Duck Assist™, the AI AppSec companion built into Polaris and the Code Sight™ IDE Plug-in. Developers can now ask natural-language questions, get instant explanations of SAST findings, and generate AI-powered code fixes—right in the IDE.

AI also powers new capabilities in Seeker® Interactive Analysis and Defensics® Fuzzing, detecting prompt-injection and data-leak risks in LLM transactions and fuzzing tests.

Proof and performance across the software supply chain

Security doesn’t stop at code.

Black Duck SCA and Black Duck® Binary Analysis now support SPDX 3.0 for audit-ready SBOMs, with sharper CVSS 4.0 scoring and expanded language support, including Rust and OpenWRT.

Software Risk Manager™ adds bulk triage, custom dashboards, and new version-management roles—so you can scale securely without the stress.

What this means for you

This quarter’s updates deliver:

  • Security embedded where developers already work
  • Smarter prioritization and faster fixes
  • CI/CD automation that scales with your pipelines
  • AI-driven insights that boost developer speed and accuracy
  • Audit-ready visibility across your software supply chain
     

Learn more and explore every feature. Join the conversation in our Customer Community

*** This is a Security Bloggers Network syndicated blog from Blog authored by Black Duck Editorial Staff. Read the original post at: https://www.blackduck.com/blog/black-duck-product-updates-faster-fixes-smarter-security.html


Article source: https://securityboulevard.com/2025/10/black-ducks-product-release-round-up-faster-fixes-smarter-security/