Version 2.0.0
Introduction
The Synopsys Detect for Azure DevOps plugin, formerly known as Black Duck Detect plugin for TFS/VSTS, is architected to seamlessly integrate Synopsys Detect with Azure DevOps build and release pipelines.
The Synopsys Detect plugin for Azure DevOps consolidates the functionality of Black Duck™ and Coverity™ on Polaris™ to support native scanning in your Azure DevOps environment of:
- Software Composition Analysis (SCA: open source software detection).
- Static Application Security Testing (SAST: code analysis).
As a Synopsys and Azure DevOps user, Synopsys Detect Extension for Azure DevOps enables you to:
- Run a component scan in an Azure DevOps job:
- Create projects and releases in Black Duck through the Azure DevOps job.
- After a scan is complete, the results are available on the Black Duck server (for SCA).
- After a scan is complete, the results are available on the Coverity on Polaris server (for SAST).
Using the Synopsys Detect Extension for Azure DevOps together with the Black Duck and/or Polaris enables you to use Azure DevOps to automatically create Black Duck projects from your Azure DevOps projects.
For more information on Synopsys Detect, refer to Synopsys Detect.
Requirements
Before calling Synopsys Detect in TFS or Azure DevOps, an active instance of Black Duck Duck or Polaris (if running SAST) is required. If you do not have Black Duck, refer to Black Duck on the Azure Marketplace for more information.
Software Requirements
The installation instructions in this document assume that you have the following installed and configured on your system:
- Black Duck. For the supported versions of Black Duck, refer to Black Duck Release Compatibility.
- Polaris versions 2019.06 or higher, for SAST scans only.
- Team Foundation Server 2015 Update 2 or higher.
- Java. OpenJDK versions 8 and 11 are supported. Other Java development kits may be compatible, but only OpenJDK is officially supported for Detect.
- Microsoft .NET Framework version 4.5.
The Synopsys Detect Extension for Azure DevOps is supported on the same operating systems and browsers as Black Duck.
For scanning NuGet projects, verify that you have the NuGet tool installer set up in the build job definition. You can download it at https://docs.microsoft.com/en-us/Azure DevOps/build-release/tasks/tool/nuget?view=Azure DevOps.
Network Requirements
The Synopsys Detect for Azure DevOps extension requires internet connectivity. The machine that hosts your Azure DevOps server must be able to connect to GitHub, Synopsys, Black Duck Artifactory, and the Black Duck and/or Polaris server.
Follow the steps to Deploy Black Duck on Azure for more information on deploying from the Azure Marketplace.
This plugin is for Windows environments only, due to the PowerShell requirement. |
Installing the Synopsys Detect for Azure DevOps plugin
Installation prerequisites
Before you install Synopsys Detect Extension for Azure DevOps, ensure that:
- Your Azure DevOps instance is up-to-date and fully patched.
- You know the host name and port for the Black Duck server.
- You have a user account with administrator privileges on the Black Duck system that you can use for the integration.
- You have a user account with administrator privileges on the Polaris system that you can use for the integration (for SAST only).
- You have connectivity to the internet. The machine that hosts your Azure DevOps server must be able to connect to the Black Duck and/or Polaris server.
This is a recommendation as administrator privileges are not required in all use cases. Synopsys recommends administrator privileges to avoid failures but understands that this isn't possible in all environments. If you are running into permission constraints using this plugin, please contact Synopsys support. |
You can get the Synopsys Detect for Azure DevOps plugin at VisualStudio Marketplace.
Using the Synopsys Detect for Azure DevOps plugin
Use the following processes for your Synopsys Detect for Azure DevOps plugin.
Configuring a task
Use the following process to configure a task. In the user interface, fields with a red asterisk ( * ) are required. Some default values are provided for you, such as version. Note that the following fields belong to Azure DevOps, and are not part of the Detect plugin:
- Version
- Display name
- Control Options
- Output Variables
- Navigate to Your Collection > Project > Pipelines > Tasks. The plugin adds a new task of Run Synopsys Detect for your build. You must add this task to your build queue. Click Run Synopsys Detect for your build, and the Synopsys Detect panel displays on the right. In the Synopsys Detect configuration panel, complete the following fields and options.
- Display name: Type a unique name in this field. Note that the name you type here displays in the left panel; the default name is Run Synopsys Detect for your build.
- Run Detect For The Following Products: Select one of the following options:
- All products: For all products, specify:
- Black Duck Service Endpoint (required) Select an existing connection, or click +New to add a connection.
- Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
- Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
- Black Duck Only: Runs only on Black Duck. Complete the following.
- Black Duck Service Endpoint (required) Select an existing connection, or click +New to add a connection.
- Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
- Polaris Only: Runs only on Polaris. Complete the following.
- Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
- Manage: Selecting Manage launches the Azure DevOps Service connections page, where you can further refine or add a service connection. Manage is available for:
- Black Duck Service Endpoint.
- Black Duck Proxy Service Endpoint.
- Polaris Service Endpoint.
- Detect Version: Version of the Detect binary to use. The default value is latest. Synopsys recommends using the latest, but here you can specify a version override if desired.
- Detect Arguments: Here you can include additional Detect arguments; Detect picks up your build environment variables and your project variables. Use a new line or space to separate multiple arguments. Use double quotes to escape. You can use environment and build variables. For more information on Detect arguments, refer to Synopsys Detect Properties.
- Detect Folder: The location to download the Detect jar or the location of an existing Detect jar. The default is the system temp directory. To specify a different directory, type the directory path and name in the field.
- Add Detect Task Summary: Click this checkbox to add a summary of the Detect task to the build summary task.
Running the task
After you have configured your task, you can run it as follows.
- In Azure DevOps, click Queue, and your task is executed on the next available build agent.
- If your task configuration is incomplete, a red status message of Some settings need your attention displays below Run Synopsys Detect for your build. Missing required settings display in red in the Synopsys Detect panel.
Release Notes
Version 2.0.0
New features
- Added support for Polaris.
Changed features
- Product renamed to Synopsys Detect for Azure DevOps.
Version 1.1.0
Changed features
- The service endpoint configuration is now optional.
- Added support for using an API token for user authentication.
Version 1.0.4
Changed features
- Improved proxy support and handling of supplied proxy arguments.
Resolved issues
- Resolved an issue that could result in an Access denied error.
Version 1.0.3
- Resolved an issue involving the SSL issue casting protocol.
Version 1.0.0
- First release of product.