Black Duck Artifactory Integration Plugin

Version 1.0.1

The Black Duck Artifactory Integration Plugin allows for scanning artifacts at-scale in JFrog Artifactory to scan open source components in local repositories, apply policies.

  • Black Duck Artifactory Integration scans artifacts in the configured repositories and any artifacts being added to prevent vulnerable components from entering or propagating in application code.

  • The Black Duck Artifactory Integration plugin can work in conjunction with the Artifactory Integration Helm deployment to continually scan all items in configured repositories. Items scanned will be annotated and if in violation of policies configured in Black Duck, can be automatically blocked from being downloaded from Artifactory.

 

 

 

Basic workflow

Use the following workflow to start using Black Duck plugin in Artifactory:

  1. Ensure that you satisfy the requirements.

  2. Configure an Artifactory Server under Integration in your Black Duck instance.

  3. Create an API Token for Artifactory Integration in your Black Duck instance and copy it to your clipboard.

  4. Install the Black Duck Artifactory Integration plugin in JFrog Artifactory.

  5. Configure the following in the Artifactory Integration plugin:

    1. Black Duck server instance to use.

    2. API Token for that Black Duck instance.

    3. Name of the Artifactory Server configuration.

  6. Restart the Artifactory instance or each node in a HA configuration.

  7. Following a scan, examine the resulting artifact properties or follow the link (if configured) to view the results on the Black Duck instance.

©2023 Synopsys, Inc. All Rights Reserved