Case Study: Entersekt achieves automated early open source vulnerability management and improved code quality with Black Duck

A Black Duck Case Study

Preview of the Entersekt Case Study

Automating Open Source Vulnerability Management with Black Duck

Entersekt, which secures millions of financial transactions daily, needed to tighten its open source security practices. Engineers had been manually identifying vulnerabilities and relying on an external review at the end of each release cycle; the company wanted to move validation much earlier in the SDLC, integrate scans into every build (Jenkins), automate vulnerability management, monitor continuously with minimal false positives, and keep code scanning securely inside its intranet.

After a Black Duck proof-of-concept, Entersekt implemented Black Duck’s open source vulnerability management to run continuous, on-premise scans integrated with its CI pipeline. Black Duck mapped components to NVD/OSVDB/VulnDB data, identified licenses, sent automated notifications, and prioritized remediation. This improved code quality, cut manual effort for engineers and QA, reduced false positives, and met Entersekt’s security and operational requirements.


Entersekt: Philip Botha, QA Manager
