Knowing where and how your company is using open source software can avoid costly litigation

Black Duck Protex Automate Open Source Compliance

Open source software is free to use, but it comes with license obligations Poor open source compliance can expose you to costly, time-consuming risks, including litigation and loss of IP.

Black Duck® Protex™ is the industry’s leading solution for managing open source compliance. Protex integrates with existing development tools to automatically scan, identify, and inventory open source software, allowing you to understand license obligations, conflicts and risks. This enables you to mitigate these risks by enforcing license compliance and corporate policy requirements.

Are you in control of your open source?

Protex helps you reduce business risks and complete software projects on time and on budget.

Scan software contents
Inventory open source
Identify potential license risks
Streamline open source audits

Black Duck Code Label

The Black Duck Code Label provides summary of what’s in your code. Using output from a Protex code scan, Code Label tells you what open source you’re using and the license obligations associated with it.

Open Source licensing can be complex, but Code Label makes it easy for you to get the information your organization  needs:

  • Legal teams can isolate possible license violations and conflicts
  • Developers can drill down to identify problematic components and level of use
  • Governance teams can compare their Code Label against company policies to assess  potential conflicts prior to deployment

During M&A due diligence, the Code Label enables verification of code composition prior to commitment

  • “With Protex, it’s much easier to confirm where unintended open source is used in our products, and we’ve significantly reduced the risks of license violations.” - Nobuko Hattori, Chief Engineer Software Strategy, Olympus

Protex: Software Compliance Management

Learn how Black Duck Protex can help your company.

Learn More
Case Study

Intel Mitigates Business Risks of Open Source Compliance

See how Intel streamlines development and manages open source compliance.

Learn More

Black Duck Code Estimation Tool

Get started by calculating the volume of code you’ll need to scan.


Comprehensive Binary Analysis

Protex Binary Analysis Tool (BAT) integration offers comprehensive, automated analysis of custom binaries that may contain open source software.

  • Analyze data from more than 30 types of compressed files, file systems, and installers
  • Reduce uncertainty when deploying binaries that include open source software
  • Access information on over 200,000 open source binary packages

The Most Comprehensive Open Source KnowledgeBase

The Black Duck® KnowledgeBase™ is the industry’s most comprehensive database of open source project information. It includes over ten years' worth of data, more than 1 million software projects from more than 8,500 sites, and detailed data for more than 2,400 unique licenses, including vulnerabilities, full license text and dozens of encoded attributes and obligations for each license. New open source project versions and meta data are continually added in to the KnowledgeBase.

Software Development Kit

The Protex SDK extends the capabilities of Protex and enables your development team to tightly integrate with native development tools and processes.

The SDK provides a SOAP API that allows you to to integrate and automate a broad set of functions in your environment, including:

  • Code scanning and analysis
  • Status reporting
  • Release, approval and sign-off process integration
  • Build-process integration

To learn more, download the Protex SDK datasheet.

Integration With Existing Development Solutions

Black Duck provides systematic control over the software development process by integrating with your existing IDEs, build and continuous integration (CI) tools, reporting and repository-management systems.


Jenkins Integration

With the Protex Jenkins Plug-in you can configure the Jenkins build to point to an existing Protex project, or to create a new project for the build. The plug-in also initiates a scan of the project code and can be set to "Fail" the build if any pending IDs or license conflicts are found.
Artifactory Integration

Artifactory Integration

This provides an automated approach to initiating open source component approvals, in addition to monitoring for security vulnerabilities that may be associated with specific binary components. License, security vulnerability, and approval status is pulled from Black Duck tools and delivered through Artifactory, providing developers with critical metadata during the open source selection process. Black Duck provides metadata such as approval status, licenses and vulnerability information for a component.
Eclipse Integration

Eclipse Integration

This allows search, review, and selection of open source components for use in your applications directly from your IDE. A rich set of metadata supplied on the components and releases provides insights that inform decision making on component selection.
Maven Integration

Maven Integration

Maven components automatically identify any code matches generated to them. This feature relies on information in the KnowledgeBase with respect to which matched component versions have Maven group, artifact, and version (GAV) identifiers.
Rational Team Concert Integration

Rational Team Concert Integration

Integrating directly with the RTC build, enable an automated Protex scan over the build code and will report, create, or update work items for any pending identifications or license violations that require remediation.
TeamCity Integration

TeamCity Integration

With the Protex TeamCity Plug-in, you can initiate a scan of software project code and “fail” the build if any pending ID's or license conflicts are found during the scan. The TeamCity build can point to an existing Protex project or create a new project for the build.
IntelliJ IDEA Integration

IntelliJ IDEA Integration

Search, review, and select open source components from Code Center for use in your applications directly from your IDE. A rich set of metadata supplied on the components and releases provides clear insights to promote informed decision making on component selection