The Synopsys Detect for Azure DevOps plugin, formerly known as the Black Duck Detect plugin for TFS/VSTS, is architected to seamlessly integrate Synopsys Detect with Azure DevOps build and release pipelines. Synopsys Detect makes it easier to set up and scan code bases using a variety of languages and package managers.
The Synopsys Detect plugin for Azure DevOps supports native scanning in your Azure DevOps environment to run Software Composition Analysis (SCA) on your code.
As a Synopsys and Azure DevOps user, the Synopsys Detect Extension for Azure DevOps enables you to:
- Run a component scan in an Azure DevOps job and create projects and releases in Black Duck through the Azure DevOps job.
- View the results on the Black Duck server (for SCA) after a scan is complete.
Using the Synopsys Detect Extension for Azure DevOps together with Black Duck enables you to use Azure DevOps to automatically create Black Duck projects from your Azure DevOps projects.
Invoking Synopsys Detect
Synopsys recommends invoking Synopsys Detect from the CI (build) pipeline. Scanning during CI enables Synopsys Detect to break your application build, which is effective for enforcing policies like preventing the use of disallowed or vulnerable components.
Using Synopsys Detect to analyze your code in Azure involves the following basic steps:
- Make sure you satisfy system and other requirements
- Download and configure the Synopsys Detect extension in Azure
- Configure build agent and pipeline
- Configure Black Duck connection
- Configure Synopsys Detect arguments
- Run pipeline and invoke scan
- Examine the analysis results