Case Study: CGI achieves consolidated AST visibility and faster vulnerability prioritization with Black Duck's Software Risk Manager

OPPO Strengthens Its Software Engineering System Ensuring security robustness with BSIMM

CGI, a global IT and business consulting firm founded in 1976, needed a way to consolidate and prioritize security findings from a wide array of application security testing (AST) tools across more than 100 projects. With teams using multiple scanners and platforms, CGI lacked a single source of truth to measure tool effectiveness, gain visibility into process and performance, and quickly identify critical vulnerabilities.

CGI implemented Black Duck Software Risk Manager, an on‑premises application security posture management solution that integrates 125+ tools and includes built‑in SAST and SCA engines, contextual risk scoring, and centralized policy management. The platform consolidated results into a single, easy‑to‑configure dashboard, reduced noise by filtering to security‑relevant issues, improved static analysis accuracy, and enabled faster prioritization and remediation—delivering the clear, actionable security insights CGI needed.

CGI

Rajesh Subramani

Application Security Engineer