Case Study: State Government IT Agency achieves a unified secure SDLC and reduced vulnerabilities with Black Duck Software Risk Manager

A Black Duck Case Study

Preview of the State Government IT Agency Case Study

Building a Secure SDLC for a State Government IT Agency

A state IT agency that supports employees across more than 700 locations and drives statewide data center, help desk, and IT security strategy needed to establish a unified, secure software development life cycle across many client departments. In 2022 the agency sought a solution to embed security practices throughout development—from planning to deployment—and faced two primary challenges: gaining developer adoption of automated security tools and integrating those tools smoothly into existing DevOps pipelines.

The agency implemented Coverity SAST and Black Duck SCA unified through Black Duck’s Software Risk Manager, creating a single AppSec source of record with dashboards, integrations, and compliance mapping. The rollout centralized security across 19 agencies, established a compliance framework, improved issue tracking, reduced identified vulnerabilities and resolution times (measured by KPIs), and helped drive a cultural shift toward a security-first mindset.

