Detect plugs into existing build processes to look at the flow of dependencies within the build job of your CI of choice. It captures both declared and transitive dependencies and provides a comprehensive 360° view into the project’s dependencies without having to make any changes to the native build environment. (Pretty cool, right?) The plugin has been designed to recursively check for formal dependency management files (for example, pom.xml, setup.py, Gemfile.lock), which help it understand the environment the project is built in so it can invoke the right configuration. Detect currently supports the following package managers: Maven, Gradle, SBT, RubyGems, NPM, Node.js, CocoaPods, PyPI, Pear, Packagist, CPAN, Go, CRAN and NuGet. Hub Detect also handles the major Linux package managers, such as apk, dpkg and rpm, for major Linux operating systems via the Docker Inspector functionality.
Although Hub Detect is invoked as a post-build step, it injects itself into the build and monitors it to capture the dependency information described above. After the package manager inspection, the baton is handed over to the Black Duck Signature Scanner, which scans the built artifact for file matches.