The plugin incorporates Black Duck scan intelligence in JFrog Artifactory to scan local repositories and apply policies .The defined in Black Duck Artifactory plugin .
Architecture
The architectural approach for Artifactory Integration has a focus on fully-hosted deployments as seen in the following diargram.
...
Operation
The Artifactory Integration periodically checks the repositories configured for artifacts that have not yet been scanned, have been updated since the last successful scan, or previously had scan errors and compiles a list.
Files are sent to your hosted Black Duck instance to be scanned and evaluated against policies defined in Black Duck. The Artifactory Integration polls your Black Duck instance for results and, when available, annotates the artifact with results including, but not limited to:
Scan result (success/failure).
URL to the scan results on the Black Duck instance.
Names of any policies that were found to be violated.
Additionally, the ability to block downloads of artifacts found in violation of Black Duck policies can be configured per repository.
| Info |
|---|
Before you can use the Artifactory Integration plugin in Artifactory, you must install and configure the plugin, and have an API key for the plugin to use Black Duck. |
...