Quickstart 6.9.0

Owned by Ray O'Meara (Unlicensed)
Apr 18, 2021
2 min read

The following is a basic example to help you get started using Synopsys Detect.

1. Get a source code project on which you run Synopsys Detect 

To run Synopsys Detect on junit4, which is an open source project written in Java and built with Maven, clone the project by doing the following:

git clone https://github.com/junit-team/junit4.git cd junit4

To understand what Synopsys Detect does, it is helpful to think about what you would do if you wanted to discover this project's dependencies without using Synopsys Detect.

You might do the following:

  1. Look in the project directory (junit4) for hints about how dependencies are managed. In this case, the mvnw and pom.xml files are hints that dependencies are managed using Maven.

  2. Since it's a Maven project, you would likely run ./mvnw dependency:tree to reveal the project's dependencies; both direct and transitive.

This is what Synopsys Detect does on this project. In addition, Synopsys Detect runs the Black Duck Signature Scanner on the directory, which discovers additional dependencies added to the project by any means other than the package manager.

2. Run Synopsys Detect connected to Black Duck

To run Synopsys Detect, you will need to provide login credentials for your Black Duck server. One way to do that is to add the following arguments to the command line:

--blackduck.url={your Black Duck server URL}

--blackduck.username={your Black Duck username}

--blackduck.password={your Black Duck password}

The command that you run looks like the following:

Linux or Mac

bash <(curl -s -L https://detect.synopsys.com/detect.sh) --blackduck.url={your Black Duck server URL} --blackduck.username={your Black Duck username} --blackduck.password={your Black Duck password}

Windows

powershell "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.synopsys.com/detect.ps1?$(Get-Random) | iex; detect" --blackduck.url={your Black Duck server URL} --blackduck.username={your Black Duck username} --blackduck.password={your Black Duck password}

 

The operations performed by Synopsys Detect depends on what it finds in your source directory. By default, Synopsys Detect considers the current working directory to be your source directory.

In the junit4 case, Synopsys Detect will:

  1. Run the Maven detector, which uses Maven to discover dependencies.

  2. Run the Black Duck Signature Scanner which scans the files in the source directory to discover dependencies.

  3. Upload the discovered dependencies to Black Duck.

  4. Provide in the log a Black Duck Project BOM URL that you can use to view the results in Black Duck.

Point your browser to the Black Duck Project BOM URL to see the Bill Of Materials for junit4.

 

Click here to learn about Running the Synopsys Detect JAR file.

Next steps

Because Synopsys Detect can be used on a variety of project types in a variety of ways, its behavior is highly configurable. More detailed information on how to configure Synopsys Detect for your needs is provided in the following pages.

©2018 Synopsys, Inc. All Rights Reserved