...

The Synopsys Detect plugin for Azure DevOps consolidates the functionality of Black Duck™ and Coverity™ on Polaris™ to support native scanning in your Azure DevOps environment of:

  • Software Composition Analysis (SCA: open source software detection).
  • Static Application Security Testing (SAST: code analysis).

As a Synopsys and Azure DevOps user, Synopsys Detect Extension for Azure DevOps enables you to:

  • Run a component scan in an Azure DevOps job:
    • Create projects and releases in Black Duck through the Azure DevOps job.
  • After a scan is complete, the results are available on the Black Duck server (for SCA).
  • After a scan is complete, the results are available on the Coverity on Polaris server (for SAST).

Using the Synopsys Detect Extension for Azure DevOps together with Black Duck and/or Polaris enables you to use Azure DevOps to automatically create Black Duck projects from your Azure DevOps projects.

...

Before calling Synopsys Detect in TFS or Azure DevOps, an active instance of Black Duck or Polaris (if running SAST) is required. If you do not have Black Duck, refer to Black Duck on the Azure Marketplace for more information.

...

  • Black Duck. For the supported versions of Black Duck, refer to Black Duck Release Compatibility.
  • Polaris versions 2019.06 or higher, for SAST scans only.
  • Team Foundation Server 2015 Update 2 or higher.
  • Java. OpenJDK versions 8 and 11 are supported. Other Java development kits may be compatible, but only OpenJDK is officially supported for Detect.
  • Microsoft .NET Framework version 4.5.

...


Network Requirements
The Synopsys Detect for Azure DevOps extension requires internet connectivity. The machine that hosts your Azure DevOps server must be able to connect to GitHub, Synopsys, Black Duck Artifactory, and the Black Duck and/or Polaris server.

Follow the steps to Deploy Black Duck on Azure for more information on deploying from the Azure Marketplace.

...

  • Your Azure DevOps instance is up-to-date and fully patched.
  • You know the host name and port for the Black Duck server.
  • You have a user account with administrator privileges on the Black Duck system that you can use for the integration.
  • You have a user account with administrator privileges on the Polaris system that you can use for the integration (for SAST only).
  • You have connectivity to the internet. The machine that hosts your Azure DevOps server must be able to connect to the Black Duck and/or Polaris server.
Info

This is a recommendation as administrator privileges are not required in all use cases. Synopsys recommends administrator privileges to avoid failures but understands that this isn't possible in all environments. If you are running into permission constraints using this plugin, please contact Synopsys support.
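
The Java and connectivity prerequisites listed above can be checked on the machine before the Detect task is added. The script below is an added example, not part of the Synopsys documentation; the function names are hypothetical, and port 443 is an assumed default for the Black Duck or Polaris server.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a machine that will run Synopsys Detect.
# Function names are hypothetical; they are not part of the plugin.

# Print the Java major version found in `java -version` output.
# Handles the legacy "1.8.0_292" scheme (-> 8) and the modern "11.0.11" scheme (-> 11).
java_major() {
  local ver
  ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$ver" ] || return 1
  case "$ver" in
    1.*) ver=${ver#1.}; printf '%s\n' "${ver%%.*}" ;;
    *)   printf '%s\n' "${ver%%[.+-]*}" ;;
  esac
}

# Exit codes: 0 = OpenJDK 8 or 11 (supported), 1 = no Java version found,
# 2 = Java 8/11 but not an OpenJDK build (may work, not officially supported),
# 3 = a version other than 8 or 11.
detect_java_supported() {
  local out major
  out=$1
  major=$(java_major "$out") || return 1
  case "$major" in 8|11) ;; *) return 3 ;; esac
  printf '%s\n' "$out" | grep -qi 'openjdk' || return 2
  return 0
}

# TCP reachability of the Black Duck or Polaris server (uses bash's /dev/tcp).
can_reach() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "${2:-443}" 2>/dev/null
}

# Usage: preflight <server-host> [port]
preflight() {
  local rc=0
  detect_java_supported "$(java -version 2>&1)" || rc=$?
  case "$rc" in
    0) echo "java: OpenJDK 8/11 found" ;;
    2) echo "java: not an OpenJDK build (not officially supported)" ;;
    *) echo "java: missing or unsupported version"; return 1 ;;
  esac
  can_reach "$1" "${2:-443}" || { echo "cannot reach $1:${2:-443}"; return 1; }
  echo "reachable: $1:${2:-443}"
}

# Only runs the checks when a host is given on the command line.
if [ "$#" -ge 1 ]; then preflight "$@"; fi
```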

...

  1. Navigate to Your Collection > Project > Pipelines > Tasks. The plugin adds a new task of Run Synopsys Detect for your build.  You must add this task to your build queue.  Click Run Synopsys Detect for your build, and the Synopsys Detect panel displays on the right. In the Synopsys Detect configuration panel, complete the following fields and options.
  2. Display name: Type a unique name in this field.  Note that the name you type here displays in the left panel; the default name is Run Synopsys Detect for your build.
  3. Run Detect For The Following Products: Select one of the following options:
    1. All products: For all products, specify:
      1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
      2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
      3. Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
    2. Black Duck Only: Runs only on Black Duck.  Complete the following.
      1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
      2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
    3. Polaris Only: Runs only on Polaris.  Complete the following.
      1. Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
  4. Manage: Selecting Manage launches the Azure DevOps Service connections page, where you can further refine or add a service connection.  Manage is available for:
    1. Black Duck Service Endpoint.
    2. Black Duck Proxy Service Endpoint.
    3. Polaris Service Endpoint.
  5. Detect Version: Version of the Detect binary to use. The default value is latest.  Synopsys recommends using the latest, but here you can specify a version override if desired.
  6. Detect Arguments: Here you can include additional Detect arguments; Detect picks up your build environment variables and your project variables. Use a new line or space to separate multiple arguments. Use double quotes to escape. You can use environment and build variables. For more information on Detect arguments, refer to Synopsys Detect Properties.
  7. Detect Folder: The location to download the Detect jar or the location of an existing Detect jar. The default is the system temp directory.  To specify a different directory, type the directory path and name in the field.
  8. Add Detect Task Summary: Click this checkbox to add a summary of the Detect task to the build summary task.

...