BlackDuck

Black Duck is a complete open source management solution, which fully discovers all open source in your code. It can map components to known vulnerabilities, and identify license and component quality risks. You can use Black Duck to set and enforce open source policies, and integrate open source management into your DevOps environment. Additionally, Black Duck monitors and alerts you when new threats are reported.

All projects should be scanned (and fixed, if needed) before being handed over to business partners.