Quickstart 6.4.0

The following is a basic example to help you get started using Synopsys Detect.

1. Get a source code project on which to run Synopsys Detect

To run Synopsys Detect on junit4, which is an open source project written in Java and built with Maven, clone the project by doing the following:

git clone https://github.com/junit-team/junit4.git
cd junit4

To understand what Synopsys Detect does, it is helpful to think about what you would do if you wanted to discover this project's dependencies without using Synopsys Detect.

You might do the following:

  1. Look in the project directory (junit4) for hints about how dependencies are managed. In this case, the mvnw and pom.xml files are hints that dependencies are managed using Maven.

  2. Since it's a Maven project, you would likely run ./mvnw dependency:tree to reveal the project's dependencies, both direct and transitive.

This is what Synopsys Detect does on this project. In addition, Synopsys Detect runs the Black Duck Signature Scanner on the directory, which discovers additional dependencies added to the project by any means other than the package manager.

2. Run Synopsys Detect in offline mode

Running Synopsys Detect in offline mode removes the need to connect to Black Duck while giving you an opportunity to see what Synopsys Detect does on a project. At the top level of the project directory (junit4), run Synopsys Detect in offline mode by using the following command:

# Linux or Mac (Bash)
bash <(curl -s -L https://detect.synopsys.com/detect.sh) --blackduck.offline.mode=true

# Windows (PowerShell)
powershell "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.synopsys.com/detect.ps1?$(Get-Random) | iex; detect" --blackduck.offline.mode=true

The functions performed by Synopsys Detect depend on what it finds in your source directory. By default, Synopsys Detect considers the current working directory to be your source directory.

In the junit4 example, Synopsys Detect does the following:

  • Runs the Maven detector, creating one BDIO (Black Duck Input Output) (.jsonld) file that contains the dependencies discovered using Maven.

  • Runs the Black Duck Signature Scanner, creating a .json file that contains the dependencies discovered by the Black Duck Signature Scanner.

In offline mode, neither of these files is uploaded to Black Duck.

To locate these files, look in the log for the message Run directory: .... These files are located inside the specified run directory.
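
The following added example (not part of the Synopsys documentation or the Detect code) runs the offline scan from a saved copy of detect.sh instead of a piped download, keeps the log, and lists the output files found in the run directory. The function names and the detect.log file name are hypothetical, and the log is assumed to give the run directory as the rest of the line after "Run directory: ".

```shell
#!/usr/bin/env bash
# Added example; function names and detect.log are hypothetical.
#
# Usage, from the top of the junit4 checkout:
#   curl -s -L -o detect.sh https://detect.synopsys.com/detect.sh
#   run_detect_offline detect.sh detect.log
#   report_outputs detect.log

# Run a saved copy of detect.sh in offline mode and keep the full log.
# Saving the script first means the file that runs can be read and archived.
run_detect_offline() {
  script=$1
  log=$2
  bash "$script" --blackduck.offline.mode=true 2>&1 | tee "$log"
}

# Print the run directory named in the log. Assumes the path is the rest of
# the line after "Run directory: "; the last such line wins.
detect_run_dir() {
  tr -d '\r' < "$1" | sed -n 's/^.*Run directory: *//p' | tail -n 1
}

# List the BDIO (.jsonld) and Signature Scanner (.json) files in a run directory.
detect_outputs() {
  find "$1" -type f \( -name '*.jsonld' -o -name '*.json' \) | sort
}

# Resolve the run directory from the log, then list what the run produced.
report_outputs() {
  run_dir=$(detect_run_dir "$1")
  if [ -z "$run_dir" ] || [ ! -d "$run_dir" ]; then
    echo "no run directory found in $1" >&2
    return 1
  fi
  echo "Run directory: $run_dir"
  detect_outputs "$run_dir"
}
```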

3. Run Synopsys Detect connected to Black Duck

If you have access to a Black Duck server, you can re-run Synopsys Detect, this time connecting and uploading results to Black Duck.

To connect Synopsys Detect to Black Duck, replace the --blackduck.offline.mode=true command-line argument with the following three arguments that provide login details for your Black Duck server:

--blackduck.url={your Black Duck server URL}
--blackduck.username={your Black Duck username}
--blackduck.password={your Black Duck password}

Synopsys Detect performs the same steps it did in the offline run, plus the following:

  • Uploads the discovered dependencies to Black Duck.

  • Lists a Black Duck Project BOM URL in the log that you can use to view the results in Black Duck.

Open the Black Duck Project BOM URL in a browser to see the Bill Of Materials for junit4.

Next steps

Because Synopsys Detect can be used on a variety of project types in a variety of ways, its behavior is highly configurable. More detailed information on how to configure Synopsys Detect for your needs is provided in the following pages.

©2018 Synopsys, Inc. All Rights Reserved