Case Study: Íslandsbanki achieves unified open-source vulnerability management and mitigation with Synopsys Black Duck SCA

Managing & Mitigating Open Source Vulnerabilities with Black Duck SCA

Íslandsbanki, an Icelandic bank serving retail and corporate customers, faced growing risk from unmanaged open source components across containerized and traditional applications. Developers were doing manual tracking and the bank needed a consistent software composition analysis (SCA) approach that could scan packages in CI/CD pipelines and stop risky deployments so issues could be fixed during development.

The bank selected Black Duck SCA with Black Duck Security Advisories, which can scan containers and standard deployments and provides curated, prioritized vulnerability intelligence and remediation guidance. Deployed in April 2021 and integrated into Azure DevOps and other toolchains, Black Duck scans every master build and pull request for 177 applications across six teams, giving development, operations, and security a single, easy-to-use tool to manage and mitigate open source vulnerabilities.

Íslandsbanki

Finnur Örn Guðmundsson

Infrastructure Architect