Case Study: Avira achieves scalable open source security while maintaining DevOps velocity with Black Duck

Addressing open source security while maintaining DevOps velocity

Avira Operations GmbH & Co. KG is a long-established security and privacy software provider whose products span desktop, mobile, and smart-home markets. As open source became ubiquitous across its codebases, Avira struggled to manage vulnerabilities and license compliance at DevOps speed—manual, siloed processes and growing product complexity meant security couldn’t keep pace with frequent releases.

Avira implemented Synopsys Black Duck software composition analysis across all development teams, running scans on master and release builds to automate open source security and license checks. The integration replaced manual Confluence/Jira tracking and custom scripts, improved scalability, embedded security into the DevOps workflow, increased developer–legal communication, and strengthened Avira’s overall open source security posture.

Avira

Marian Schneider

Information Security Officer