
BlackDuck Alternatives - luthien2
We use BlackDuck at work to scan our jar for open source components with weak licenses. Thing is, BlackDuck's scan tool takes too long (60+ min on a 400mb jar), and their support kinda sucks.

Anyone have recommendations on a better tool? I'm googling the competitors but would be interested to know what people's experiences were (as opposed to just reading the shiny marketing-speak)
======
sesser
[https://github.com/nexB/scancode-toolkit/](https://github.com/nexB/scancode-toolkit/)

------
relaunched
I'm not sure about better, or what features you are looking for specifically.
But, check out:

WhiteSource

CheckMarx OSA tools - though very new

Veracode has a nice OSA / CVE tool

And there are a whole slew of open source tools too.

