Concurrent Detect Runs 6.9.0

When the same user executes Synopsys Detect concurrently, it can result in collisions because the Synopsys Detect script, Synopsys Detect .jar, Synopsys Detect inspectors, and the Black Duck Signature Scanner are each downloaded to the same default location during execution. There are also potential race conditions that can occur when multiple concurrent runs of Synopsys Detect create or update the same Black Duck project/version or codelocation.

Concurrent execution of Synopsys Detect runs that include Docker image inspection creates additional challenges. For this scenario, Synopsys recommends engaging Synopsys Software Integrity Group Client Services for a solution tailored to your environment.

The following guidance addresses scenarios that do not involve inspecting Docker images.

For a single user to execute multiple Synopsys Detect runs concurrently without these collisions, Synopsys recommends the following:

  1. Run Synopsys Detect using the air gap capability to avoid downloading the Synopsys Detect script, .jar, or inspectors during execution.

  2. Manually download and install the Black Duck Signature Scanner, and point Synopsys Detect to the Black Duck Signature Scanner.
    This avoids downloading the Black Duck Signature Scanner during execution.

  3. Ensure that concurrent runs do not attempt to create or update the same Black Duck project/version, or the same codelocation.

To accomplish steps one and two above, do the following steps.

  1. Log into Black Duck, and from Tools > Legacy Downloads, download and unzip the Black Duck Signature Scanner.

  2. Download the Synopsys Detect gradle-nuget air gap zip from the Synopsys SIG Artifactory server and decompress the file.

  3. Run Synopsys Detect as shown in the following example:

java -jar {airgap dir}/synopsys-detect-6.4.0.jar --detect.nuget.inspector.air.gap.path={airgap dir}/packaged-inspectors/nuget/ --detect.gradle.inspector.air.gap.path={airgap dir}/packaged-inspectors/gradle/ --detect.blackduck.signature.scanner.local.path={scan.cli-yourBlackDuckVersion dir}
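The command above covers steps one and two of the recommendation. The script below is an added example, not Synopsys code, that also enforces step three: it refuses to launch a batch of concurrent runs if any two would write to the same project/version or codelocation. The install paths, the plan-file format, and the names `find_collisions`, `run_one` and `run_plan` are assumptions; the target names are set with Detect's `detect.project.name`, `detect.project.version.name` and `detect.code.location.name` properties.

```shell
#!/bin/sh
# Added example. Paths and the plan-file format below are assumptions.
AIRGAP_DIR="${AIRGAP_DIR:-/opt/detect-airgap}"  # unzipped air gap zip (assumed path)
SCANNER_DIR="${SCANNER_DIR:-/opt/scan.cli}"     # unzipped Signature Scanner (assumed path)
DETECT_JAR="${DETECT_JAR:-$AIRGAP_DIR/synopsys-detect-6.4.0.jar}"
JAVA_BIN="${JAVA_BIN:-java}"
LOG_DIR="${LOG_DIR:-.}"

# Plan file: one run per line, "project|version|codelocation|source dir".
# Prints each project/version or codelocation that more than one run targets.
find_collisions() {
  awk -F'|' 'NF >= 4 {
    pv = "project/version " $1 "/" $2; cl = "codelocation " $3
    if (seen[pv]++ == 1) print pv
    if (seen[cl]++ == 1) print cl
  }'
}

# One air gap run: nothing is downloaded, and every target name is explicit.
run_one() {  # args: project version codelocation source_dir
  "$JAVA_BIN" -jar "$DETECT_JAR" \
    "--detect.nuget.inspector.air.gap.path=$AIRGAP_DIR/packaged-inspectors/nuget/" \
    "--detect.gradle.inspector.air.gap.path=$AIRGAP_DIR/packaged-inspectors/gradle/" \
    "--detect.blackduck.signature.scanner.local.path=$SCANNER_DIR" \
    "--detect.project.name=$1" "--detect.project.version.name=$2" \
    "--detect.code.location.name=$3" "--detect.source.path=$4"
}

# Launches every run in parallel, or none at all if any two share a target.
# Usage: run_plan plan.txt
run_plan() {  # arg: plan file
  dups=$(find_collisions < "$1")
  if [ -n "$dups" ]; then
    printf 'not launching, shared targets:\n%s\n' "$dups" >&2
    return 1
  fi
  n=0; pids=""
  while IFS='|' read -r project version codeloc src; do
    [ -n "$src" ] || continue
    n=$((n + 1))
    run_one "$project" "$version" "$codeloc" "$src" > "$LOG_DIR/detect-run-$n.log" 2>&1 &
    pids="$pids $!"
  done < "$1"
  rc=0
  for p in $pids; do wait "$p" || rc=1; done  # a failed scan fails the batch
  return "$rc"
}
```

Each run logs to its own file under `LOG_DIR`, and a nonzero return means either a refused plan or at least one failed run, so a CI job cannot pass on a scan that never completed.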

©2018 Synopsys, Inc. All Rights Reserved