The Black Duck for OpenShift solution helps manage open source risks associated with containers in orchestrated environments. The Black Duck for OpenShift solution consists of Synopsysctl, Black Duck Connector, and the Black Duck server.
The Black Duck Connector works with Black Duck to scan images in your cloud-native environment (Kubernetes and OpenShift) for open source security vulnerabilities.
The Black Duck Connector does the following tasks:
- Discovers new objects in your cluster.
- Determines their content and sends signature information to one or more Black Duck instances.
- Receives security scan information from Black Duck.
- Annotates and labels cluster objects with security status.
- Provides metrics about security scanning rates.
Detailed scan results are available in your Black Duck instance. Container annotations can be used to enforce security policies, and to ensure that vulnerable containers are not deployed in production environments.
This document describes how to install, configure, and use the Black Duck for OpenShift solution, and describes its design and architecture.
Before starting with the Black Duck for OpenShift solution, Synopsys recommends that you familiarize yourself with the basics of Kubernetes/OpenShift and Black Duck.
The Black Duck Connector requires a Black Duck deployment.