Sorry, not available in this language yet

Next: In an IoT-filled world, be alert… »

Customer driven features live in Black Duck 4.4 release

Posted by Jeff Michael on Thursday, February 8, 2018

Customer driven features live in Black Duck Hub 4.4 release

How can you not love customer feedback when it helps you improve your product? At our recent FLIGHT conference, I had the opportunity to speak to a lot of customers, plus detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck with new features that enhance both security and license compliance management.

Cryptography

Black Duck 4.4 helps you identify the component versions that have encryption algorithms. You can filter components by those known to contain encryption. Those components are listed with a new Cryptography icon on the bill of materials (BOM).

Note: While components added manually to existing BOMs now display cryptography information, legacy BOMs may require a rescan for cryptography data to display. In addition, this feature is an add-on module available for purchase. For internal servers, you need to update your registration key in order to use this feature.

REST APIs authentication through an API key

The Black Duck allows you to generate one or more “tokens” for accessing the Black Duck APIs. These tokens can replace the use of username/password credentials in integration configurations, such as Jenkins or for the Scan Client command line interface (CLI). With access tokens, if a security breach occurs, user credentials (possibly Single sign-on (SSO) or Lightweight Directory Access Protocol (LDAP) credentials) are not directly compromised

New scan service

To improve scalability and user interface (UI) performance, the Black Duck now leverages a new scan service. This service can be scaled up (like Job Runners) per customer needs and frees the web application from processing data from incoming scans.

Feature improvements

In addition, we implemented some improvements to various features, including:

Improved license management, with the ability to edit KnowledgeBase licenses (including license family).
Enhanced user management capabilities, allowing group synchronization from identity providers (IdP) via Security Assertion Markup Language (SAML). This allows us to automatically create user groups and assign the users to those groups.
In the Black Duck Scanner, dependency detection is now an optional parameter. If you want to scan via the CLI and look for dependencies, you need to pass in the “—dependencyScan” option.

Note: Black Duck Detect is still the recommended best practice for scanning.

Learn more about Black Duck, a complete open source management solution.

This post is filed under Security news and research.

Jeff Michael

Posted by

Jeff Michael

Jeff has over 15 years’ experience in driving product vision, leading software teams, and efficiently and effectively steering product direction. Currently, Jeff is senior product manager for the Black Duck product. Prior to Black Duck, Jeff focused on physical security applications from incident management to access control systems to emergency preparedness/response.

SEE AUTHOR ARCHIVE

More from Security news and research

CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

Application Security Blog

Customer driven features live in Black Duck 4.4 release

Cryptography

REST APIs authentication through an API key

New scan service

Feature improvements

Learn more about Black Duck, a complete open source management solution.

Jeff Michael

More from Security news and research

CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

2023 cybersecurity predictions that should be on your radar

Prioritizing open source vulnerabilities in software due diligence

AppSec Decoded: The research behind the 2022 “Software Vulnerability Snapshot”

Legal