Black Duck, the global leader in automated solutions for securing and managing open source software, today announced it is a Google Cloud Technology Partner. Through the collaboration, Google customers can use Black Duck solutions to accelerate production use of the cloud and containers as well as increase security and productivity with automated intelligence, visibility and control as they move workloads to the Google Cloud Platform (GCP).

Organisations are increasingly deploying applications in the cloud and moving into containerised delivery models, powered by open source architectures. These new models enable software innovation with speed and agility. At the same time, DevOps and Security teams are looking for increased visibility and control over what is inside of their organisations’ applications and container images. It is important for open source security to be integrated with new cloud and container architectures and DevOps processes.

Black Duck is releasing its flagship Black Duck Hub solution as a cloud service on Google Cloud Launcher Marketplace, enabling organisations to deploy Hub on GCP.  Hub allows Google Cloud customers to scan applications and container images, identify all the open source components, detect and analyse known security vulnerabilities, compliance issues, and code-quality risks, and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered open source vulnerabilities or policy violations. Google customers can also use Hub to access the Black Duck KnowledgeBase, the world’s most comprehensive data store of open source components and risk intelligence.

With Black Duck Hub on GCP, users can automate security and compliance as a part of their development lifecycle and continuous integration and delivery (CI/CD) pipeline, allowing DevOps and Security teams to enhance speed and agility while controlling risks.

• Black Duck Hub integration with Google Container Engine (GKE) allows users to scan and monitor container images in the Google Container Registry (GCR).
• Black Duck Hub can be used with third-party CI/CD tools on GCP, including Jenkins on Google Container Engine in a multi-node Kubernetes cluster, or with Bamboo, Team City, Maven, and Gradle.
• Black Duck’s IDE integrations allow software developers to select safe and secure open source using plug-ins to Eclipse and Visual Studio.

“For very clear economic and productivity reasons organisations are highly motivated to migrate their applications to the cloud. Because open source comprises most of the code in their applications and containers, they need to be sure the open source is secure and compliant. Black Duck Hub and Google Cloud provide that assurance,” said Black Duck CEO Lou Shipley.

“In order to deliver high-quality software, we’re constantly scanning our products for vulnerabilities and security threats,” said Aram Price, Senior Software Engineer, Pivotal. “We collaborated with Black Duck to automate security scanning during development, and with the most recent release of Black Duck Hub we can also automate deployment to Google Cloud.”