
The Black Duck Artifactory Integration Plugin allows for scanning artifacts at scale in JFrog Artifactory to scan open source components in local repositories, inspect remote repositories for open source components, and apply policies.

  • The Black Duck plugin inspects your Artifactory remote repository caches for open source components and populates them with Black Duck vulnerability and policy metadata. Black Duck Artifactory Integration scans artifacts in the configured repositories, and any artifacts being added, to prevent vulnerable components from entering or propagating in application code. This inspect functionality does not scan binaries with the Black Duck Signature Scanner but inspects your Artifactory caches for dependencies to mark them up with Black Duck metadata.

  • The Black Duck Artifactory Integration plugin can work in conjunction with the Artifactory Integration Helm deployment to continually scan all items in configured repositories. Scanned items are annotated and, if they violate policies configured in Black Duck, can be automatically blocked from being downloaded from Artifactory.

Basic workflow

Use the following workflow to start using the Black Duck plugin in Artifactory:

  1. Ensure that you satisfy the requirements.

  2. Configure an Artifactory Server under Integration in your Black Duck instance.

  3. Create an API Token for Artifactory Integration in your Black Duck instance and copy it to your clipboard.

  4. Install the Black Duck Artifactory Integration plugin in JFrog Artifactory.

  5. Configure scan and inspection properties. Configure the cron jobs to control the frequency of running the scan/inspection cron jobs. Configure the following in the Artifactory Integration plugin:

    1. Black Duck server instance to use.

    2. API Token for that Black Duck instance.

    3. Name of the Artifactory Server configuration.

  6. Restart the Artifactory instance, or each node in an HA configuration.

  7. Following a scan or inspection, examine the resulting artifact properties or follow the link (if configured) to view the results on the Black Duck instance.