- Silicon Design & Verification
- Silicon IP
- Software Integrity
- About Us
- Silicon Design & Verification Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP Products
- Solutions
- Resources
- Services
- Community
- Software Integrity
- Tools & Services
- Training & Education
- Solutions
- Resources
- Support
- Partners
- About Us
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
3D Image Processing
Simpleware Products
Simpleware for Life Sciences
Simpleware for Materials & Manufacturing
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< overview
Silicon Design & Verification Products
+
Design
+
System Simulation & Modeling
+
Verification Continuum
+
3D Model Generation
+
Silicon Engineering
+
Optical Solutions
< Solutions
< Solutions
< Solutions
< Resources
< Resources
< Resources
< overview
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Training
< overview
< main menu
< Silicon IP Products
< Silicon IP Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Silicon IP Products
< Silicon IP Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< overview
Silicon IP Products
+
Interface IP
+
Memories & Libraries
+
Analog IP
+
Processor Solutions
+
IP Subsystems
+
Security IP
+
Market Segments
+
IP Accelerated
+
SoC Infrastructure IP
< Solutions
< Resources
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< overview
Software Integrity
< Tools & Services
< Tools & Services
Professional Services
Strategy and Planning (BSIMM)
Architecture & Design
DecSecOps Integration
Cloud Security
Industry Solutions
< Tools & Services
Open Source Audits
< overview
< Training & Education
< Training & Education
Product Education
< overview
< Solutions
< Solutions
< Resources
< Resources
< Support
< Support
Contact Support
< Partners
< main menu
Software Integrity
+
Software Integrity
+
Tools & Services
+
Training & Education
+
Solutions
+
Resources
+
Support
+
Partners
< About Us
< About Us
< About Us
< About Us
< About Us
< About Us
Software Integrity
Customer driven features live in Black Duck Hub 4.4 release
Posted by Jeff Michael on February 8, 2018
How can you not love customer feedback when it helps you improve your product? At our recent FLIGHT conference, I had the opportunity to speak to a lot of customers, plus detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck Hub with new features that enhance both security and license compliance management.
Cryptography
Hub 4.4 helps you identify the component versions that have encryption algorithms. You can filter components by those known to contain encryption. Those components are listed with a new Cryptography icon on the bill of materials (BOM).
Note: While components added manually to existing BOMs now display cryptography information, legacy BOMs may require a rescan for cryptography data to display. In addition, this feature is an add-on module available for purchase. For internal servers, you need to update your registration key in order to use this feature.
REST APIs authentication through an API key
The Hub allows you to generate one or more “tokens” for accessing the Hub APIs. These tokens can replace the use of username/password credentials in integration configurations, such as Jenkins or for the Scan Client command line interface (CLI). With access tokens, if a security breach occurs, user credentials (possibly Single sign-on (SSO) or Lightweight Directory Access Protocol (LDAP) credentials) are not directly compromised
New scan service
To improve scalability and user interface (UI) performance, the Hub now leverages a new scan service. This service can be scaled up (like Job Runners) per customer needs and frees the web application from processing data from incoming scans.
Feature improvements
In addition, we implemented some improvements to various features, including:
- Improved license management, with the ability to edit KnowledgeBase licenses (including license family).
- Enhanced user management capabilities, allowing group synchronization from identity providers (IdP) via Security Assertion Markup Language (SAML). This allows us to automatically create user groups and assign the users to those groups.
- In the Hub Scanner, dependency detection is now an optional parameter. If you want to scan via the CLI and look for dependencies, you need to pass in the “—dependencyScan” option.
Note: Hub Detect is still the recommended best practice for scanning.
Learn more about Black Duck Hub, a complete open source management solution.
This post is filed under Black Duck by Synopsys, Open Source Security, Software Composition Analysis.
More by this author
Subscribe via Email
Get the latest Software Integrity news, thought leadership, and more.
Categories
- Agile Methodology
- Application Security
- Automotive Security
- Black Duck by Synopsys
- Blockchain Security
- CI/CD
- CISO
- Cloud Security
- Code Review
- Containers
- Cryptography
- Customer Success
- Data Breach
- DevOps
- DevSecOps
- Dynamic Analysis (DAST)
- eLearning
- Embedded Software Testing
- Ethical Hacking
- Featured
- Financial Services Security
- Fuzz Testing
- GDPR
- Government Security
- Healthcare Security
- Industrial Control System Security
- Infographic
- Insider Threat Detection
- Insurance Provider Security
- Interactive Application Security Testing (IAST)
- Internet of Things
- JavaScript Security
- Legal
- Maturity Model (BSIMM)
- Medical Device Security
- Mobile Application Security
- Network Security
- Open Source Governance
- Open Source Licenses
- Open Source Security
- OWASP
- Penetration Testing
- Privacy
- Red Teaming
- Runtime Application Self-Protection (RASP)
- Secure Coding Guidelines
- Security Architecture
- Security Conference or Event
- Security Metrics
- Security Risk Assessment
- Security Standards and Compliance
- Security Training
- Smart Grid Security
- Software Architecture and Design
- Software Composition Analysis
- Software Development Life Cycle (SDLC)
- Software Quality
- Software Security Program Development
- Software Security Testing
- Software Testing Optimization
- Static Analysis (SAST)
- Synopsys Culture
- Threat Intelligence
- Threat Modeling
- Uncategorized
- Vendor Risk Management
- Vulnerability Assessment
- Web Application Security
- Weekly Security Mashup
Archives