Quick Info
Description
Black Duck by Synopsys identifies open source related vulnerabilities in applications and containers. It tracks the open source in code, mitigate security and license compliance, and automates enforcing open source policies.Quick Info
1.0.21 
ucv-ext-blackduck:1.0.21.tar
Uploaded: 31-May-2022 14:08
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-blackduck:1.0.21Release Notes
ucv-ext-blackduck:1.0.17.tar
Uploaded: 28-Jan-2022 07:31
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-blackduck:1.0.17Release Notes
Summary
Usage
Configuration PropertiesSummary
The Black Duck plugin provides for integration with a Black Duck server. This plugin imports scan result data from an Black Duck server and saves the data as metrics in HCL Accelerate insights.
Compatibility
HCL Accelerate version 2.0.4 and later is required.
Black Duck Server version 2020.6.0 and later is supported.
History
The following table describes the changes made in each plugin version.
| Version | Description |
|---|---|
| 1.0.17 | User Access Key Related Changes. |
| 1.0.2 | Minor enhancements |
Usage
To use the Black Duck plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. Configuration properties are defined using the product user interface or a JSON file. After the integration is complete, to invoke the plugin send an HTTP Post request to the plugin endpoint.
Integration type
The Black Duck plugin supports endpoint integration which are listed in the following table.
| Name | Path | Method |
|---|---|---|
| Black Duck Scan Endpoint | blackDuckScan | Post |
To import data from the Black Duck server, send an HTTP POST request to your endpoint such as the following sample.
https:///pluginEndpoint//blackDuckScan
{"project":"project_name", "version":"version_name", buildUrl": "build_url"}
The payload for the POST must have the project and version from the Black Duck server scan.
| Name | Description |
|---|---|
| project_name | The project name on the Black Duck server. | version_name | Version name of a project on the Black Duck server. | build_url | The build URL from Jenkins or any other CI/CD tool. This is an optional field which links the Black Duck scan results with VSM |
Integration
There are two methods to integrate the plugin:
- Using the user interface
- Using a JSON file
Using the user interface
- From the Plugins page, click Settings > Integrations > Plugins.
- Under the Action column for the plugin, click Add Integration.
- On the Add Integration page enter values for the fields used to configure the integration and define communication.
- Click Save.
Using a JSON file
The JSON file contains the information for creating a value stream and integrating with the BlackDuck server. The following table describes the information for the creating a HCL Accelerate value stream map.
- From a value stream page, download the value stream map. The value stream map is a JSON file used to define integrations.
- Edit the JSON file to include the plugin configuration properties.
- Save and upload the JSON file. This replaces the current JSON file with the new content.
- View the new integration on the Integrations page.
Configuration Properties
The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.
- The General Configuration Properties table describes configuration properties used by all plugin integrations.
- The Black Duck Configuration Properties table describes the Black Duck configuration properties that define the connection and communications with the Black Duck server. When using the JSON method to integrate the plugin these properties are coded within the
propertiesconfiguration property.
Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.
| Name | Description | Required | Property Name |
|---|---|---|---|
| NA | The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. | No | image |
| Integration Name | An assigned name to the value stream. | Yes | name |
| Logging Level | The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. | No | loggingLevel |
| NA | List of plugin configuration properties used to connect and communicate with the Black Duck server. Enclose the properties within braces. | Yes | properties |
| The name of the tenant. | Yes | tenant_id | |
| NA | Unique identifier assigned to the plugin. The value for the Black Duck Server plugin is ucv-ext-blackduck |
Yes | type |
| Name | Type | Description | Required | Property Name |
|---|---|---|---|---|
| Access Token | Secure | The access token to authenticate with the Black Duck server. You can use either this property or a password to authenticate with the server. | Yes | accessToken |
| Black Duck URL | String | The base URL of the Black Duck server. For example: https://poc79.blackduck.synopsys.com. |
Yes | blackDuckUrl |
| HCL Accelerate User Access Key | Secure | The user access key to authenticate with the HCL Accelerate server. | Yes | ucvAccessKey |
JSON code sample
The following sample code can be used as a template to define the integration within the JSON file for a value stream. Copy and paste the template into the JSON file Integration section and make the appropriate changes.
"integrations": [
{
"type": "blackDuckPlugin ",
"name": " Black Duck",
"tenant_id": "tenant_id",
"properties": {
"serverUrl": "https://poc79.blackduck.synopsys.com",
"accessToken": "access_token",
"ucvAccessKey":"user_access_key"}
}
]