
...

  • Target location of the image to be scanned.
  • User name for Black Duck.
  • Reference to the encrypted credentials in KMS.
  • Name of the project in Black Duck that stores the scan information.

The following file is an example of a build specification file in YAML format.

...

Google's infrastructure cannot read an environment variable in the value of the kmsKeyName field, so you must provide the project ID as a hard-coded value in that field. For this reason, the build specification YAML file example does not use $PROJECT_ID in the kmsKeyName field.

Note: If your instance of Black Duck uses a self-signed certificate, ensure that you include the --blackduck.trust.cert argument in the args section of the YAML/JSON file that invokes the Cloud Build scanner. This allows the scanner to connect to a Black Duck instance whose certificate is not signed by a trusted third party. Refer to the build spec file example.


Caution: Build errors might occur when the --detect.tools argument and value are not included in the list of arguments.
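As an added example (not code from the Synopsys documentation or from the Cloud Build scanner itself), the following Python script lints a Cloud Build configuration for the three pitfalls described above: a substitution such as $PROJECT_ID inside kmsKeyName, a missing --detect.tools argument, and a missing --blackduck.trust.cert argument when the Black Duck instance uses a self-signed certificate. The configuration is embedded in Cloud Build's JSON form (which has the same structure as the YAML form) so that no YAML library is needed; the scanner image name, KMS key path, ciphertext, project name and the Detect properties other than the two named on this page are constructed placeholders, not values from the documentation.

```python
"""Lint and fix a Cloud Build config for the Black Duck scanner step.

Added example; not part of the Synopsys/Black Duck documentation.
"""
import json
import re

# Constructed sample config (JSON form of cloudbuild.yaml). Everything except
# --detect.tools and --blackduck.trust.cert is an assumed placeholder.
BAD_CONFIG = json.loads("""
{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": ["build", "-t", "gcr.io/example-project/app:latest", "."]
    },
    {
      "name": "gcr.io/example-project/synopsys-cloudbuild-scanner:PLACEHOLDER",
      "args": [
        "--blackduck.url=https://blackduck.example.internal",
        "--detect.project.name=app"
      ],
      "secretEnv": ["BLACKDUCK_PASSWORD"]
    }
  ],
  "secrets": [
    {
      "kmsKeyName": "projects/$PROJECT_ID/locations/global/keyRings/bd/cryptoKeys/bd-key",
      "secretEnv": {"BLACKDUCK_PASSWORD": "Q2lwaGVydGV4dC1wbGFjZWhvbGRlcg=="}
    }
  ]
}
""")

# Any Cloud Build substitution, e.g. $PROJECT_ID or ${PROJECT_ID}.
SUBSTITUTION = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")
# The specific substitution the text warns about.
PROJECT_ID_SUB = re.compile(r"\$\{?PROJECT_ID\}?")


def lint_build_config(config, scanner_step_index, self_signed=False):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    for secret in config.get("secrets", []):
        key = secret.get("kmsKeyName", "")
        if SUBSTITUTION.search(key):
            findings.append(f"kmsKeyName must be hard-coded, found substitution in {key!r}")
    args = config["steps"][scanner_step_index].get("args", [])
    if not any(a.startswith("--detect.tools") for a in args):
        findings.append("scanner step is missing the --detect.tools argument")
    if self_signed and not any(a.startswith("--blackduck.trust.cert") for a in args):
        findings.append("self-signed Black Duck certificate but --blackduck.trust.cert is absent")
    return findings


def fix_build_config(config, scanner_step_index, project_id, self_signed=False):
    """Return a corrected deep copy of config.

    Hard-codes project_id into kmsKeyName and appends the missing arguments.
    The --detect.tools value below is an example value, not a recommendation.
    """
    fixed = json.loads(json.dumps(config))  # deep copy via round-trip
    for secret in fixed.get("secrets", []):
        secret["kmsKeyName"] = PROJECT_ID_SUB.sub(project_id, secret.get("kmsKeyName", ""))
    args = fixed["steps"][scanner_step_index].setdefault("args", [])
    if not any(a.startswith("--detect.tools") for a in args):
        args.append("--detect.tools=DOCKER")
    if self_signed and not any(a.startswith("--blackduck.trust.cert") for a in args):
        args.append("--blackduck.trust.cert=true")
    return fixed


if __name__ == "__main__":
    for finding in lint_build_config(BAD_CONFIG, 1, self_signed=True):
        print("FINDING:", finding)
    repaired = fix_build_config(BAD_CONFIG, 1, "example-project", self_signed=True)
    print("after fix:", lint_build_config(repaired, 1, self_signed=True) or "clean")
```

Run the script against the constructed config and it reports three findings; the repaired copy passes because kmsKeyName now carries the literal project ID and the scanner step has both arguments.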

...

As an alternative to invoking Google Cloud Build with a build-management system such as Jenkins, you can invoke the build process with Google Container Registry's build triggers. A build trigger instructs Google Cloud Build to build your image automatically whenever changes are pushed to the build source from any repository, including a cloud storage bucket. Click here for documentation about Google's Build Trigger functionality.

Note: To use Build Triggers, your repository must contain build configuration information in a cloudbuild.yaml file.

Submitting a build request using gcloud and verifying the results

...

    gcloud builds submit --config cloudbuild.yaml .

In this example, cloudbuild.yaml is the build configuration file. Run this command from the source code home directory, where the build specification file lives. After a successful run, a message similar to the following example is displayed:

You should now be able to see the scan results in Black Duck.

...

Scanning application source code and artifacts after a build

To scan the application source code that you're compiling in Google Cloud Build, insert the Synopsys Cloud Build Scanner step after your build step. 

...

If you're using Google Cloud Binary Authorization and you want to create an attestation from the result of the Black Duck scan, click here for instructions.