Configuring Synopsys Detect Processing 6.4.0

What Detect looks at and how it performs its analysis depends on how you configure Detect.

For accurate SCA analysis, Synopsys Detect should be executed as a post-build step, typically in the native build environment, so that the build artifacts and build tools it relies on are present.

Using properties, you can configure the following:

  • What code to examine

  • Authentication information

  • Connection information

  • Required detectors

  • Sensitivity to policy violations

  • Reporting

  • Logging

Synopsys Detect processing

Synopsys Detect processing can be broken into the following phases:

Initialization phase

In this phase, Synopsys Detect does verification checks on the user-provided configuration, checks connectivity to any external systems needed for the run, and creates any required directories.

Run phase

In this phase, Synopsys Detect works through an ordered list of tools and invokes each one that applies; which tools apply depends on how Synopsys Detect is configured.

Detect analysis is done using an ordered set of tools that you specify using Detect properties.

  • By default, the build detector tool is run. This detector runs after a build and has access to both build artifacts and build tools; it produces the most accurate results.

  • If Black Duck connection details are provided, the Black Duck signature scanner tool also runs by default.

Depending on project contents, the detector tool runs different types of detectors to find and extract dependencies from supported package managers. For example, if Synopsys Detect finds a pom.xml file, it runs the Maven detector. If Synopsys Detect finds Gradle files, it runs the Gradle detector.

At the end of the run phase, Synopsys Detect uploads results to Black Duck, and optionally performs tasks such as generating a risk report or checking for policy violations.
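As an added example (not part of the Synopsys documentation), the following POSIX shell script assembles the property set that the configuration list above describes (code to examine, authentication, connection, required detectors, policy sensitivity, reporting, logging) and selects tools the way the run phase describes: the detector always, the signature scanner only when Black Duck connection details are present. The property names are Detect 6.x command-line properties; the DETECT_JAR path, the sample project values and the BLACKDUCK_API_TOKEN environment-variable mapping are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Synopsys code. Assembles a post-build Detect invocation.
# DETECT_JAR is a hypothetical path; BLACKDUCK_API_TOKEN being read from the
# environment by Detect is an assumption (Detect accepts properties from the
# environment), chosen so the token never appears on the command line.

DETECT_JAR="${DETECT_JAR:-./synopsys-detect-6.4.0.jar}"

# Fail before the initialization phase would: a connection URL without a
# token means the upload at the end of the run phase cannot succeed.
check_auth() {
    if [ -n "$BLACKDUCK_URL" ] && [ -z "$BLACKDUCK_API_TOKEN" ]; then
        echo "BLACKDUCK_URL is set but BLACKDUCK_API_TOKEN is empty" >&2
        return 1
    fi
    return 0
}

# Print one property per line: $1 = source path, $2 = project, $3 = version.
build_detect_args() {
    src="$1"
    proj="$2"
    ver="$3"

    # Tools: the build detector always; the signature scanner only when
    # Black Duck connection details are present (mirrors Detect's default).
    if [ -n "$BLACKDUCK_URL" ]; then
        tools="DETECTOR,SIGNATURE_SCAN"
        echo "--blackduck.url=$BLACKDUCK_URL"
        # Keep certificate validation on; trust.cert=true is for lab use only.
        echo "--blackduck.trust.cert=false"
        # The API token is intentionally NOT emitted here; Detect reads
        # BLACKDUCK_API_TOKEN from the environment (assumed mapping).
    else
        tools="DETECTOR"
    fi

    echo "--detect.source.path=$src"                          # what code to examine
    echo "--detect.project.name=$proj"
    echo "--detect.project.version.name=$ver"
    echo "--detect.tools=$tools"
    echo "--detect.required.detector.types=MAVEN"             # required detector
    echo "--detect.policy.check.fail.on.severities=BLOCKER,CRITICAL"  # policy sensitivity
    echo "--detect.risk.report.pdf=true"                      # reporting
    echo "--logging.level.com.synopsys.integration=INFO"      # logging
}

# Run Detect with the assembled properties as separate arguments, so a
# source path containing spaces survives intact.
run_detect() {
    check_auth || return 1
    args=$(build_detect_args "$1" "$2" "$3")
    set --
    while IFS= read -r a; do set -- "$@" "$a"; done <<EOF
$args
EOF
    java -jar "$DETECT_JAR" "$@"
}

# Example call (constructed values): run_detect /path/to/checkout demo-app 1.0.0
```

The split into check_auth and build_detect_args mirrors the initialization phase: the script rejects an incomplete configuration before launching the JVM, and the token stays in the environment rather than in the argument vector where process listings and shell history would expose it.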

Cleanup phase

During the cleanup phase, Synopsys Detect removes temporary files and directories before exiting.

©2018 Synopsys, Inc. All Rights Reserved