Comparison between Fluid Attacks and Black Duck | Fluid Attacks

Black Duck

How does Fluid Attacks' solution compare to Black Duck's? The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.

Criteria
Fluid Attacks Essential
Fluid Attacks Advanced
Black Duck
Accuracy
Our SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%.
We identify 90% of the evaluated systems' risk exposure. (Accuracy is calculated with the F1 score. Risk exposure is calculated with the formula CVSSF=4^(CVSS-4)).
They report a false positive rate of 20% in their SAST scanners for C/C++ and Java in their product Coverity 2018.01. They do not report a false positive rate corresponding to the other languages they support.
Binary SAST
Yes. We support APK files.
Yes. Its capability is equal to that of the Essential plan.
Yes. They support binaries for .NET, Go, Java, and native binaries, covering the following formats: .7z, .apk, .arj, .asar, .bin, .bz2, .cab, .cpio, .deb, .dmg, .exe, .iso, .jar, .lzh, .lz, .lz4, .nbi, .ova, .pkg, .qcow2, .rar, .rpm, .sh, .vdi, .vmdk, .vib, .xar, .xz, .zst, .zip and .Z.
Languages (Source SAST)
Yes. We support the following languages and technologies: Android, C#, CloudFormation, Configuration files, Dart, Docker, Docker Compose, Go, HTML, HTML5, jBASE, Java, JavaScript, Kotlin, Kubernetes, PHP, Python, Razor, Shell Scripting, Storybook, Swift, Terraform, TypeScript and YAML.
Yes. We support all languages and technologies supported in the Essential plan, as well as the following: ABAP, ActionScript, Apex, Assembler, ATS, Awk, C, C++, Clean, ClojureScript, Colm, cScript, Dale, Elvish, F#, Falcon, Fish, Fortran, Guile, Hana SQL Script, Haskell, Haxe, Idris, Ion, Janet, JCL, Joker, JScript, JSP, Lisp, Lobster, Natural, Nim, Objective C, Pascal, Perl, PL-SQL, PL1, PL/SQL, PowerScript, PowerShell, Prolog, R, RC, RPG4, Rust, Scala, SQL, SQR, Standard ML, T24, TAL, tcsh, Transact-SQL, VB.NET, VBA, VisualBasic 6, XML, among others.
Yes. They support the following languagesAnsible, Apex, ARM, C, C++, C#, CloudFormation, CUDA, Dart, Docker, Fortran, GCP Deployment Manager, Go, Helm, Java, JavaScript, JSP, Kotlin, Kubernetes, Objective C, Objetive C++, PHP, Python, Ruby, Scala, Swift, Terraform, TypeScript and VB.NET.
Frameworks (Source SAST)
Yes. We support the following frameworks: .NET, .NET Core, Angular, ASP.NET, Bootstrap, Django, Express, FastAPI, Flask, Flutter, Ktor, Laravel, Nest, Next.js, Node.js, React Native, React.js, Spring, Spring Boot and Vue.js.
Yes. We support all frameworks supported in the Essential plan, as well as the following: Apache Struts, Ember.js, Gatsby, Meteor, Phoenix, Ruby Sinatra, Ruby on Rails, Svelte, Symfony, Tornado, among others.
Yes. They support the following frameworks: .NET Framework, ABP Framework, Android Jetpack, Angular, AngularJS, Apache Flex Blaze DS, Apache Kafka, Apache log4net, Apache Shiro, ASP.NET Boilerplate, ASP.NET Core, ASP.NET Core MVC, ASP.NET MVC, Backbone, beego, Bootstrap, Buffalo, Castle Project, Cordova, Django, Dropwizard, DWR, Eclipse Jersey, Ember, Enterprise Java Beans, Express, Fastify, Fiber, Flask, Gin, GWT, Hapi, Hibernate, iBatis, Iris, Java EE Security API 1.0, Java Persistence API, JAX-RS, JAX-WS, JSF/Facelets, jOOQ, Koa, Logrus, Macaron, Marko, Mass Transit, Mean.io, Next.js, Ninja, NodeJS, Nhibernate, Ocelot, Orleans, Play Framework, Pug, React, Restify, Restlet, SAP XS Classic and Advanced, ServiceStack, Spring Boot, Spring Cloud, Spring Data, Spring framework, Spring Security, Spring Session, Spring Vault, Spring Web Flow, Spring Web Services, Struts, Steeltoe, Terasoluna, Tiles, Thorntail, Twig, Vert, Vision and WCF Services.

DAST
Yes. We scan unauthenticated HTTP endpoints, including headers, DNS records, HTML content, and SSL connections for encryption suites, protocols, and X509 certificates.
Yes. Its capability is equal to that of the Essential plan.
IAST
No
No
Yes. They support the following languages: C#, Clojure, Go, Gosu, Groovy, Java, JavaScript, Kotlin, PHP, Python, Scala and VB.NET.
SCA
Yes. We support the following package managers: Cargo, Composer, Conan, Docker Images, GitHub Actions, Go, Gradle, Hex, Maven, NPM, NuGet, pNPM, pip, Poetry, Pub, RubyGems, SBT, SwiftPM and Yarn.
Yes. Its capability is equal to that of the Essential plan.
Yes. They support the following package managers: Bazel, BitBake, Clang (C/C++), CocoaPods, Conan, Conda, Composer, Cpanm, Dep, Go, Godep, GoLang, Gradle, Hex, Lerna, Maven, npm, NuGeT, Packrat, Pear, Pip, pnpm, RubyGems, sbt, Swift, Yarn and Yocto.
PTaaS
No
Yes
Yes. They offer PTaaS and one-shot MPT as add-ons to their product licenses.
Reverse engineering
No
Yes. They offer reverse engineering as part of their PTaaS or MPT offering.
Secure code review
No
No information available
CSPM
ASPM
SCM integrations
It offers the same integrations as the Essential plan.
Ticketing integrations
It offers the same integrations as the Essential plan.
ChatOps integrations
No
No
Microsoft Teams and Slack
IDE integrations
It offers the same integration as the Essential plan.
CI/CD integrations
AWS CodePipeline, Bamboo, CircleCI, GitHub Actions, GitLab CI, Jenkins, TeamCity, Travis CI, and any other CI/CD system that supports Docker
It offers the same integrations as the Essential plan.
Cloud Integrations
It offers the same integrations as the Essential plan.
AWS, Azure and GCP
Compliance integrations
No
NoNo
SCA integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
SAST integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
DAST integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
IAST integrations
No
No
Secrets integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
Native scanner (included, no integration needed)
Container integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
CSPM integrations
Native scanner (included, no integration needed)
Its capability is equal to that of the Essential plan.
Compliance
We validate some requirements based on these standards and guidelinesAgile Alliance, BSIMM, BIZEC-APP, BSAFSS, CAPEC™, CASA, C2M2, CCPA, CERT-C, CERT-J, CIS, CMMC, CPRA, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FCRA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISO/IEC 27001, ISO/IEC 27002, ISSAF, LGPD, MITRE ATT&CK®, MISRA-C, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-115, NIST 800-171, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OSSTMM3, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP-M TOP 10, OWASP SAMM, OWASP SCP, OWASP Top 10 Privacy Risks, OWASP TOP 10, PA-DSS, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF, WASC and WASSEC.
We validate all the requirements according to the same standards and guidelines as the Essential plan.
Certifications or attestationsIt is covered by the same certifications and attestations as the Essential plan.
Marketplaces
It is available in the same marketplace as the Essential plan.
Fast and automatic
Remediation
We provide detailed documentation on fixes and features both on our platform and in our IDE extension, which uses generative AI to offer custom step-by-step correction guidance. Additionally, our IDE extension leverages gen AI to offer automated fixes capabilities.
In addition to the Essential plan features, we offer the option of "Talk to a hacker" in which our experts help clients understand how to remediate the most challenging vulnerabilities.
They provide detailed documentation on fixes and features both on their platform and through their IDE extensions. Additionally, their platform leverages gen AI to offer guidance and suggestions throughout the remediation process.
CI/CD security 
We can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build).
Its capability is equal to that of the Essential plan.
They can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build).
Vulnerability detection method
Hybrid (automated tools + AI + human intelligence)
Vulnerability chaining
No
By combining vulnerabilities A and B, we discover a new, higher impact vulnerability C.
Through their PTaaS or MPT offering, by combining vulnerabilities A and B, they discover a new, higher impact vulnerability C.
Delivery of evidence
We deliver all the types of evidence mentioned in the Essential plan, and additionally, (a) video recordings of the attack and (b) screenshots with explanatory annotations.
Their evidence is delivered in (a) PDF reports, (b) HTML reports, (c) CSV format, (d) JSON format, (e) code pieces and (f) graphs and metrics.
Exploitation
No
We can do exploitation as long as the client provides an available environment.
They do exploitation as part of their PTaaS or MPT offering.
Zero-day vulnerabilities
No
Our security researchers search for zero-day vulnerabilities in open-source software.
Their security researchers search for zero-day vulnerabilities in open-source software.
AI/ML triage
No
Using artificial intelligence (AI), we prioritize potentially vulnerable files for assessment. Our AI is specially trained by machine learning (ML) with thousands of snippets of vulnerable code.
No
Deployment
Same as the Essential plan.
Open source
Yes. MPL-2.0 license. Totally equivalent to the paid version.
Yes. MPL-2.0 license. Partially equivalent to the paid version.
No
Year founded
Same founding year as the Essential plan.
Number of employees
Same number of employees as the Essential plan.
Other services
Focus on automated offensive testing for applications in development.
Focus on both automated and manual offensive testing for applications in development.
Focus on both automated and manual offensive testing for applications in development.
Reputation sites (On a scale of 1 to 10)
Between 9.16 and 10.00 based on 31 reviews over 6.3 years from the following 3 sources: Clutch, Gartner Peer Insights and PeerSpot.
Same reviews and ratings as the Essential plan.
Between 7.82 and 8.22 based on 149 reviews over 7.4 years from the following 5 sources: G2Gartner Peer InsightsPeerSpotSoftware Advice and TrustRadius.
Status page
No
Demo
Free trial
No

Note on reference review date
References were last checked on Oct 07, 2024.
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.