<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>License on Software Factory</title><link>/tags/license/</link><description>Recent content in License on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/license/index.xml" rel="self" type="application/rss+xml"/><item><title>Black Duck</title><link>/use/tools/blackduck-sca/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/blackduck-sca/</guid><description>&lt;div style="display: flex; align-items: flex-start; gap: 1.5rem; margin-bottom: 1rem; max-width: 80%;"&gt;
 &lt;img src="/logo/icon_Black_Duck_SCA.svg" alt="Black Duck"
 width="150"
 style="flex-shrink: 0;"&gt;
 &lt;div&gt;&lt;p&gt;Black Duck is the Software Factory&amp;rsquo;s most complete &lt;strong&gt;Software Composition Analysis&lt;/strong&gt;
(&lt;a href="/use/practices/secure/software-composition-analysis/"&gt;SCA&lt;/a&gt;
) solution.
It combines four detection techniques to build a complete dependency inventory — including
dependencies that other tools miss, such as copy-pasted open source code and components
embedded in compiled binaries.&lt;/p&gt;
&lt;p&gt;This process helps in identifying known security vulnerabilities (CVEs/BDSAs), license
compliance violations, operational risks, and generating a comprehensive Bill of Materials (BOM)
for your applications.&lt;/p&gt;</description></item></channel></rss>