Version 23.0.0

...


...

The Synopsys Detect for Azure DevOps plugin, formerly known as Black Duck Detect plugin for TFS/VSTS, is architected to seamlessly integrate Synopsys Detect with Azure DevOps build and release pipelines.  Synopsys Detect makes it easier to set up and scan code bases using a variety of languages and package managers.

The Synopsys Detect plugin for Azure DevOps supports native scanning in your Azure DevOps environment of:

...

to run Software Composition Analysis (SCA

...

) on your code.

As a Synopsys and Azure DevOps user, Synopsys Detect Extension for Azure DevOps enables you to:

  • Run a component scan in an Azure DevOps job: create projects and releases in Black Duck through the Azure DevOps job.
  • After a scan is complete, the results are available on the Black Duck server (for SCA).

Using the Synopsys Detect Extension for Azure DevOps together with Black Duck enables you to use Azure DevOps to automatically create Black Duck projects from your Azure DevOps projects. For more information on Synopsys Detect, refer to

Invoking Synopsys Detect

...

Before calling Synopsys Detect in TFS or Azure DevOps, an active instance of Black Duck is required.  If you do not have Black Duck, refer to Black Duck on the Azure Marketplace for more information.

Software Requirements
The installation instructions in this document assume that you have the following installed and configured on your system:

  • Black Duck. For the supported versions of Black Duck, refer to Black Duck Release Compatibility.
  • Team Foundation Server 2015 Update 2 or higher.
  • Java. OpenJDK versions 8 and 11 are supported. Other Java development kits may be compatible, but only OpenJDK is officially supported for Detect.
  • Microsoft .NET Framework version 4.5.

The Synopsys Detect Extension for Azure DevOps is supported on the same operating systems and browsers as Black Duck.

For scanning NuGet projects, verify that you have the NuGet tool installer set up in the build job definition.  You can download it at https://docs.microsoft.com/en-us/Azure DevOps/build-release/tasks/tool/nuget?view=Azure DevOps.

...

Follow the steps to Deploy Black Duck on Azure for more information on deploying from the Azure Marketplace.

Info

This plugin is for Windows environments only, due to the PowerShell requirement.

Installing the Synopsys Detect for Azure DevOps plugin

Installation prerequisites

Before you install Synopsys Detect Extension for Azure DevOps, ensure that:

  • Your Azure DevOps instance is up-to-date and fully patched.
  • You know the host name and port for the Black Duck server.
  • You have a user account with administrator privileges on the Black Duck system that you can use for the integration.
  • You have connectivity to the internet. The machine that hosts your Azure DevOps server must be able to connect to the Black Duck server.

Info

This is a recommendation as administrator privileges are not required in all use cases. Synopsys recommends administrator privileges to avoid failures but understands that this isn't possible in all environments. If you are running into permission constraints using this plugin, please contact Synopsys support.

You can get the Synopsys Detect for Azure DevOps plugin on the Visual Studio Marketplace.

Using the Synopsys Detect for Azure DevOps plugin

Use the following processes for your Synopsys Detect for Azure DevOps plugin.

Configuring a task

Use the following process to configure a task.  In the user interface, fields with a red asterisk ( * ) are required.  Some default values are provided for you, such as version.  Note that the following fields belong to Azure DevOps, and are not part of the Detect plugin:

  • Version
  • Display name
  • Control Options
  • Output Variables

...

  1. All products: For all products, specify:
    1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
    2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
  2. Black Duck Only: Runs only on Black Duck.  Complete the following.
    1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
    2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.

...

  1. Black Duck Service Endpoint.
  2. Black Duck Proxy Service Endpoint.

...

Running the task

After you have configured your task, you can run it as follows.

  • In Azure DevOps, click Queue, and your task is executed on the next available build agent.
  • If your task configuration is incomplete, a red status message, "Some settings need your attention", displays below Run Synopsys Detect for your build.  Missing required settings display in red in the Synopsys Detect panel.

Release Notes

Version 2.0.0

New features

  • Added support for Polaris.

Changed features

  • Product renamed to Synopsys Detect for Azure DevOps.

Version 1.1.0

Changed features

  • The service endpoint configuration is now optional.
  • Added support for using an API token for user authentication.

Version 1.0.4

Changed features

  • Improved proxy support and handling of supplied proxy arguments.

Resolved issues

  • Resolved an issue that could result in an Access denied error.

Version 1.0.3

  • Resolved an issue involving the SSL issue casting protocol.

Version 1.0.0

...

recommends invoking Synopsys Detect from the CI (build) pipeline.  Scanning during CI enables Synopsys Detect to break your application build, which is effective for enforcing policies like preventing the use of disallowed or vulnerable components.



Basic workflow


Using Synopsys Detect to analyze your code in Azure involves the following basic steps:

  1. Make sure you satisfy system and other requirements
  2. Download and configure the Synopsys Detect extension in Azure
  3. Configure build agent and pipeline
  4. Configure Black Duck connection
  5. Configure Synopsys Detect arguments
  6. Run pipeline and invoke scan
  7. Examine the analysis results