Case Study: Trend Micro achieves automated SBOMs and stronger open-source vulnerability management with Black Duck SCA

A Black Duck Case Study

Preview of the TrendMicro Case Study

Trend Micro Delivering Open Source Cybersecurity

Trend Micro, a global leader in cloud and enterprise cybersecurity protecting hundreds of thousands of organizations and millions of users, faced a growing problem: its open source management relied on a manually maintained inventory and an in-house CVE notification process. That manual approach hurt developer productivity and the reliability of third-party vulnerability management, so Trend Micro sought an automated, shift-left solution that would produce and maintain an accurate Software Bill of Materials (SBOM).

Trend Micro adopted Black Duck SCA to automatically scan source code, images, and binaries, generate SBOMs, and map findings to projects and versions. Black Duck's Signature Scanner, broad file-type support, API access, and CI/CD integrations (Jenkins, GitHub Actions) let Trend Micro automate monitoring and enforcement: product teams must run regular scans and remediate all high/critical vulnerabilities (CVSS ≥ 7). The result is more reliable, efficient third-party vulnerability management.



TrendMicro

Fabio Arciniegas

Senior Cybersecurity Architect

