New integration enhances developer experience for Polaris, Black Duck SCA, and Coverity

BURLINGTON, Mass., Aug. 19, 2025/PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a leading global provider of application security solutions, today announced the availability of the Black Duck Security GitHub App in the GitHub Marketplace. This integration streamlines the onboarding and continuous synchronization of GitHub repositories with Polaris, Black Duck SCA, and Coverity, enabling development and security teams to easily configure and automate static application security testing (SAST) and software composition analysis (SCA) scans of their development projects at scale in both SaaS and on premises environments.

The Black Duck Security GitHub App simplifies the process of enabling security scans in customer repositories, accelerates time to value, and improves the user experience and ROI for Black Duck customers.

Key capabilities include:

• Bulk onboarding and continuous synchronization of GitHub repositories at scale
• Automated SAST and SCA scans triggered by code commits and pull requests
• Scan results added as pull request comments for discovered issues, enabling shift-left DevSecOps
• Automated fix pull requests for vulnerable open source dependencies
• Customizable policy enforcement with the ability to fail builds if violations exist
• Automated SARIF report integration into GitHub Advanced Security dashboards

The Black Duck Security GitHub App provides numerous benefits to development and security teams, including:

• Accelerated process of enabling security scans in customer repositories
• Simplified scaling of security testing to an organization's full portfolio of applications
• Reduced manual configuration effort and likelihood of errors
• Improved developer experience by providing security insights, fix pull requests, and remediation guidance right within GitHub workflows
• Enhanced user experience by enabling GitHub users to configure and manage security test orchestration without leaving the GitHub ecosystem

"By integrating Black Duck with GitHub, we're empowering developers to build secure software faster and more efficiently than ever while supporting our true scale approach for both on prem and SaaS environments," said Scott Johnson, VP of Product Management at Black Duck. "Combining our industry-leading application security expertise with GitHub's collaborative development platform further enables our customers to reduce risk, accelerate development velocity, and achieve a stronger security posture - all while maintaining the agility and speed that modern software development demands."

The Black Duck Security GitHub App is now available in the GitHub Marketplace, making it easy for developers and security teams to get started with automated application security testing.

For more information about the Black Duck Security GitHub App, please visit the GitHub Marketplace, watch the informational video, or read our detailed blog post.

About Black Duck Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at https://www.blackduck.com.

SOURCE Black Duck Software