DevOps Integrations

Agile development relies on automated build and test pipelines to accelerate time to market and improve product quality. Black Duck by Synopsys helps you ensure that your applications are free of known open source vulnerabilities and that they comply with open source license and use policies as part of your automated DevOps framework. With easy-to-use open source integrations for the most popular development tools, and REST APIs for building your own integrations with virtually any commercial or custom development environment, you can be agile, secure, and compliant.

IDE integrations

With Black Duck IDE integrations, you can discover open source security gaps as you code, using Black Duck’s source file scanning. These plugins scan open source components as you pull them into your project, so you can look up a component’s security information and remediate before you check in your code.

Continuous integration (CI) tool integrations

Black Duck CI integrations allow you to configure and automate scanning as part of your CI build process. Scan results are visible within both Black Duck and CI user interfaces. Open source application security, license, and use policies defined in Black Duck can be configured to show alerts within the CI tool or fail a build, allowing you to configure enforcement based on project type and build phase.

Package managers and build tools

With Black Duck, you can augment open source discovery and binary file scanning with dependency information obtained from the build environment itself. Black Duck Detect automates the collection and reporting of project dependencies to Black Duck, combining data from both sources into a highly complete and accurate open source bill of materials (BoM). The two sources are complementary: the package manager knows the transitive dependencies it resolved, which file scanning can miss, while file and binary scanning finds vendored or copied code that no manifest declares.

Bug and issue tracking integrations

Black Duck bug and issue tracking integrations allow you to generate, track, and manage issues (a.k.a. tickets) related to Black Duck policy violations and security alerts natively in the systems you already use to manage your development and testing work.


Binary repository integrations

Black Duck binary repository integrations help you ensure that the code artifacts your developers are using comply with open source use policies and are free from known vulnerabilities. These plugins scan artifacts already in the repository as well as those being added, preventing noncompliant artifacts from entering or propagating. In addition, Black Duck’s vulnerability and policy monitoring will alert you when new security risks or policies affect artifacts in the repository.

Application security suite integrations

Black Duck’s application security suite integrations give users a “single pane of glass” view of application vulnerabilities across both the custom code and open source components that make up their applications. This integrated view of open source vulnerabilities with static application security testing (SAST) results helps teams prioritize and track remediation efforts across the entire application codebase.

Container platform integrations

Docker containers are changing the way applications are packaged and deployed. Containers make continuous integration and delivery (CI/CD) easier for development teams, but they make security and compliance management harder for operations teams, because a container image bundles an operating system layer and libraries that the application team did not write. Black Duck container platform integrations help you ensure that your containers are free of known open source vulnerabilities and comply with open source policies before, during, and after deployment.


Black Duck application programming interfaces

In addition to the pre-built integrations, you can also develop your own custom integrations with Black Duck using a rich set of REST APIs, which support a wide range of configuration, automation, policy management, and alerting capabilities. Documentation and interactive examples are available from the Black Duck user interface.

SPDX integration

The Software Package Data Exchange® (SPDX®) is an open standard (published as ISO/IEC 5962:2021) for communicating the open source content, licenses, and copyrights associated with a software package. The purpose of the standard is to help companies in a software supply chain more easily comply with software licensing obligations.

SPDX provides a uniform approach to documenting and sharing a software bill of materials (BoM), making it more efficient for supply chain partners to communicate. An SPDX 2.x document can be exchanged in several serializations, including tag-value, JSON, YAML, XML, and RDF. The standard is developed and maintained by the SPDX workgroup of the Linux Foundation.

Learn about the details of the Software Package Data Exchange Specification at www.spdx.org.
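The following is an added example, not Black Duck, Synopsys, or SPDX project code. It ties together two points from this page: the CI integration section describes policies that either raise an alert or fail the build, and the SPDX section describes a BoM format for exchanging open source content and licenses. The script parses a small SPDX 2.2 document in tag-value form, evaluates each package against a license deny-list and a table of known-vulnerable versions, and returns the exit status a CI step would use. The SPDX document, the deny-list, the vulnerable-version table, and the package names are all constructed for illustration; a real pipeline would take the BoM from the scanner and the vulnerability data from a feed such as Black Duck’s.

```python
"""Minimal SPDX tag-value BoM parser with a policy gate for a CI step.

Added example, not Black Duck or SPDX project code. The document, the
license deny-list and the vulnerable-version table are constructed inline.
"""
from dataclasses import dataclass

# Constructed sample: a two-package SPDX 2.2 document in tag-value form.
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-app-bom
DocumentNamespace: https://example.invalid/spdx/example-app-1.0
Creator: Tool: example-scanner

PackageName: libfoo
SPDXID: SPDXRef-Package-libfoo
PackageVersion: 2.1.0
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: MIT

PackageName: libbar
SPDXID: SPDXRef-Package-libbar
PackageVersion: 1.4.2
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: GPL-3.0-only

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-libfoo
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-libbar
"""

# Constructed policy (hypothetical): licenses this proprietary product may not
# ship, and versions already known to be vulnerable, keyed by package name.
DENIED_LICENSES = {"GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}
VULNERABLE_VERSIONS = {"libfoo": {"2.0.0", "2.1.0"}}


@dataclass
class Package:
    name: str
    spdx_id: str = ""
    version: str = ""
    license_concluded: str = "NOASSERTION"


def parse_spdx_tag_value(text):
    """Return the packages described in a tag-value SPDX document.

    Each `PackageName:` tag starts a new package and the tags that follow
    belong to it until the next `PackageName:`. Document-level tags that
    appear before the first package are skipped. Multi-line <text> values
    are not handled; they are not needed for the fields read here.
    """
    packages = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            continue  # not a tag-value line
        tag, value = tag.strip(), value.strip()
        if tag == "PackageName":
            current = Package(name=value)
            packages.append(current)
        elif current is None:
            continue
        elif tag == "SPDXID":
            current.spdx_id = value
        elif tag == "PackageVersion":
            current.version = value
        elif tag == "PackageLicenseConcluded":
            current.license_concluded = value
    return packages


def license_identifiers(expression):
    """Split an SPDX license expression into its bare license identifiers."""
    tokens = expression.replace("(", " ").replace(")", " ").split()
    return [t for t in tokens if t not in {"AND", "OR", "WITH"}]


def evaluate_policy(packages, denied=DENIED_LICENSES, vulnerable=VULNERABLE_VERSIONS):
    """Return (package, reason) violations; an empty list means the BoM passes."""
    violations = []
    for pkg in packages:
        if pkg.license_concluded == "NOASSERTION":
            violations.append((pkg.name, "license not asserted; review required"))
        for lic in license_identifiers(pkg.license_concluded):
            if lic in denied:
                violations.append((pkg.name, f"denied license {lic}"))
        if pkg.version in vulnerable.get(pkg.name, ()):
            violations.append((pkg.name, f"known vulnerable version {pkg.version}"))
    return violations


def ci_gate(spdx_text, fail_build=True):
    """Evaluate a BoM and return the exit status a CI step should use.

    fail_build=False only reports violations (alert mode); True fails the
    build, matching the alert-or-fail choice a CI policy can be configured for.
    """
    violations = evaluate_policy(parse_spdx_tag_value(spdx_text))
    for name, reason in violations:
        print(f"POLICY VIOLATION: {name}: {reason}")
    return 1 if (violations and fail_build) else 0


if __name__ == "__main__":
    raise SystemExit(ci_gate(SAMPLE_SPDX))
```

Run as a CI step, the script fails the build because libbar carries a denied license and libfoo is at a known-vulnerable version; pass `fail_build=False` to get the alert-only behaviour for earlier build phases, which is the kind of per-phase enforcement the CI section above describes.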

Customize them. They’re open source.

Most Black Duck integrations are provided as open source integrations under the Apache 2.0 open source license. Customize them to meet the specific needs of your environment, or use them as a model to create new integrations with your own tools. Have a change that will benefit other users? Contribute your changes back to the community. More information and issue trackers for the current integrations, as well as the latest integrations and versions, are available on the Black Duck page on GitHub.
