SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Black Duck launches GitHub app for automated security scans

Wed, 20th Aug 2025

Black Duck has launched a GitHub App aimed at streamlining repository scanning and improving application security for development and security teams.

The new Black Duck Security GitHub App is now available on the GitHub Marketplace. It is designed to automate security processes by integrating Polaris, Black Duck SCA, and Coverity scanning solutions directly into GitHub repositories, allowing teams to manage and automate static application security testing (SAST) and software composition analysis (SCA) at scale for both SaaS and on-premises environments.

According to Black Duck, this integration simplifies onboarding and continuous synchronisation of GitHub repositories. The app's features allow development and security teams to configure automated scans triggered by code commits and pull requests. This results in early identification of vulnerabilities within the software development lifecycle.

The application includes several capabilities for large-scale operations, such as bulk onboarding of repositories, synchronisation, and adding scan results as pull request comments when issues are discovered. Teams can address security issues earlier in the process, reinforcing shift-left DevSecOps practices. The functionality also includes automated fix pull requests for vulnerable open source dependencies, customisable policy enforcement, build failure on policy violations, and automated integration of SARIF reports into GitHub Advanced Security dashboards.

Black Duck highlights multiple benefits for users deploying the app. Among these are expedited activation of security scans in customer repositories, a simplified process to scale security testing across an organisation's software portfolio, and reduced need for manual configuration, which lowers the risk of error. Developers are presented with security insights, automated fix pull requests, and remediation guidance directly in the GitHub workflow, making the experience more seamless. Users can also configure and manage security test orchestration entirely within the GitHub ecosystem.

"By integrating Black Duck with GitHub, we're empowering developers to build secure software faster and more efficiently than ever while supporting our true scale approach for both on prem and SaaS environments. Combining our industry-leading application security expertise with GitHub's collaborative development platform further enables our customers to reduce risk, accelerate development velocity, and achieve a stronger security posture – all while maintaining the agility and speed that modern software development demands," said Scott Johnson, VP of Product Management at Black Duck. 

The Black Duck Security GitHub App is available through the GitHub Marketplace, providing a direct route for development and security teams to adopt automated application security testing processes.