Case Study: Blue Yonder achieves a secure SDLC and automated open-source vulnerability remediation with Black Duck

A Black Duck Case Study

Preview of the Blue Yonder Case Study

Extending a Secure SDLC to Remediate Open Source Security Issues

Blue Yonder, a billion‑dollar leader in supply‑chain software with 100+ products used by over 4,000 customers, faced growing risk from unmanaged open source components across its portfolio. Without an accurate bill of materials or consistent governance, the company struggled to identify and remediate license issues and security vulnerabilities, leaving products exposed and release decisions uninformed.

To address this, Blue Yonder deployed Black Duck Code Center (2015) and Black Duck SCA (2017), integrating them into CI/CD pipelines and Jira to automate component approvals, policy enforcement, and vulnerability tracking. The result: accurate BOMs for every product, automated workflows that ensure license compliance and remediation of critical issues before release, improved visibility for security and M&A, and lower overhead for ongoing open source management.



Blue Yonder

John Vrankovich

Principal Architect

