Filters

CLEAR ALL

Search Results ()

Filter Icon

Search Results ()

    All Plugins (171)

    Filter Icon

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL DevOps Velocity version 2.0.4 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    March 8th, 2021
    Last Updated
    March 28th, 2024

    Description

    Black Duck by Synopsys identifies open source related vulnerabilities in applications and containers. It tracks the open source in code, mitigate security and license compliance, and automates enforcing open source policies.

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL DevOps Velocity version 2.0.4 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    March 8th, 2021
    Last Updated
    March 28th, 2024

    ucv-ext-blackduck:1.0.21.tar

    Uploaded: 31-May-2022 14:08

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-blackduck:1.0.21

    Release Notes

  • minor fix
  • ucv-ext-blackduck:1.0.17.tar

    Uploaded: 28-Jan-2022 07:31

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-blackduck:1.0.17

    Release Notes

  • User Access Key Related Changes
  • ucv-ext-blackduck:1.0.2.tar

    Uploaded: 08-Feb-2021 07:31

    Summary

    The Black Duck plugin provides for integration with a Black Duck server. This plugin imports scan result data from an Black Duck server and saves the data as metrics in HCL DevOps Velocity insights.

    Compatibility

    HCL DevOps Velocity version 2.0.4 and later is required.

    Black Duck Server version 2020.6.0 and later is supported.

    History

    The following table describes the changes made in each plugin version.

    Plugin history details
    Version Description
    1.0.17 User Access Key Related Changes.
    1.0.2 Minor enhancements

    Usage

    To use the Black Duck plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. Configuration properties are defined using the product user interface or a JSON file. After the integration is complete, to invoke the plugin send an HTTP Post request to the plugin endpoint.

    Integration type

    The Black Duck plugin supports endpoint integration which are listed in the following table.

    Endpoints
    Name Path Method
    Black Duck Scan Endpoint blackDuckScan Post

    To import data from the Black Duck server, send an HTTP POST request to your endpoint such as the following sample.

    
    https:///pluginEndpoint//blackDuckScan 
    {"project":"project_name", "version":"version_name", buildUrl": "build_url"}
    

    The payload for the POST must have the project and version from the Black Duck server scan.

    version_nameVersion name of a project on the Black Duck server.build_urlThe build URL from Jenkins or any other CI/CD tool. This is an optional field which links the Black Duck scan results with VSM

    Name Description
    project_name The project name on the Black Duck server.

    Integration

    There are two methods to integrate the plugin:

    • Using the user interface
    • Using a JSON file

    Using the user interface

    1. From the Plugins page, click Settings > Integrations > Plugins.
    2. Under the Action column for the plugin, click Add Integration.
    3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
    4. Click Save.

    Using a JSON file

    The JSON file contains the information for creating a value stream and integrating with the BlackDuck server. The following table describes the information for the creating a HCL DevOps Velocity value stream map.

    1. From a value stream page, download the value stream map. The value stream map is a JSON file used to define integrations.
    2. Edit the JSON file to include the plugin configuration properties.
    3. Save and upload the JSON file. This replaces the current JSON file with the new content.
    4. View the new integration on the Integrations page.

    Configuration Properties

    The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.

    • The General Configuration Properties table describes configuration properties used by all plugin integrations.
    • The Black Duck Configuration Properties table describes the Black Duck configuration properties that define the connection and communications with the Black Duck server. When using the JSON method to integrate the plugin these properties are coded within the properties configuration property.

    Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.

    General Configuration Properties
    Name Description Required Property Name
    NA The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. No image
    Integration Name An assigned name to the value stream. Yes name
    Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
    NA List of plugin configuration properties used to connect and communicate with the Black Duck server. Enclose the properties within braces. Yes properties
    The name of the tenant. Yes tenant_id
    NA Unique identifier assigned to the plugin. The value for the Black Duck Server plugin is ucv-ext-blackduck Yes type
    Black Duck Configuration Properties
    Name Type Description Required Property Name
    Access Token Secure The access token to authenticate with the Black Duck server. You can use either this property or a password to authenticate with the server. Yes accessToken
    Black Duck URL String The base URL of the Black Duck server. For example: https://poc79.blackduck.synopsys.com. Yes blackDuckUrl
    HCL DevOps Velocity User Access Key Secure The user access key to authenticate with the HCL DevOps Velocity server. Yes ucvAccessKey

    JSON code sample

    The following sample code can be used as a template to define the integration within the JSON file for a value stream. Copy and paste the template into the JSON file Integration section and make the appropriate changes.

    
    "integrations": [ 
    { 
    "type": "blackDuckPlugin ", 
    "name": " Black Duck", 
    "tenant_id": "tenant_id", 
    "properties": { 
    "serverUrl": "https://poc79.blackduck.synopsys.com", 
    "accessToken": "access_token", 
    "ucvAccessKey":"user_access_key"} 
    } 
    ]