Black Duck Jira Plugin

Version 6.3.2


The Black Duck Jira plugin is a Jira add-on that enables organizations to use Jira to manage and track issues detected by Black Duck that are related to their use of open source software.

Black Duck is a risk management tool, designed to help you manage the logistics of using open source software in your organization. Jira is an issue tracking application that enables software development organizations to track and manage issues related to the software applications they are developing.  


Important updates regarding Jira support

Atlassian no longer supports Jira 7.x versions and has announced its end of life. 

Synopsys maintained the Jira version 6.2.0 plugin for maintenance issues only while Atlassian was supporting Jira 7.x.

The following changes apply to Synopsys’ support model for Jira.

  • Synopsys ceased all Jira 7.x support according to Atlassian’s support policy for Jira versions.

  • You could remain on the Jira 6.2.0 plugin through the end of 2020.

  • Synopsys added the ability to support Jira on-prem versions 8.0.0 and above within Synopsys Alert as a new Alert channel, starting with Alert version 5.2.0. 

To migrate from the existing Jira plugin to Alert and move from Jira 7 to Jira 8, use the following process:

  1. Ensure your Jira instance is version 8.0 or higher.

  2. Run the migration script that Synopsys provides with the Alert version 5.2.0 release to ensure Alert can successfully identify and manage your legacy and existing Jira issues.

  3. Configure and start using Alert. Configuration information is included in the Alert documentation.

Purpose 

The Black Duck Jira plugin is designed for organizations that use Jira and want to manage open source-related issues within Jira, the same way they track other software development-related issues. It enables you to use Black Duck to detect open source security risks, compliance issues, and policy violations, and to use Jira to track those issues through the various steps required to investigate and resolve each one. Black Duck generates notifications as important events occur, and the Black Duck Jira plugin reads those notifications from Black Duck. Some examples of notification events are:

  • The introduction of a component containing a known security vulnerability into a project's Bill of Materials.

  • The introduction of a component containing a policy violation into a project's Bill of Materials.

  • The manual override of a policy violation on a component.

In response to these notification events, the Black Duck Jira plugin:

  • Responds to a new security vulnerability by creating a security vulnerability Jira ticket to track the work on security vulnerabilities for the component.

  • Responds to a new policy violation by creating a policy violation Jira ticket to track the work on the policy violation for the component.

  • Responds to a manual override of a policy violation by resolving the corresponding Jira issue.

After the Black Duck Jira plugin creates an issue in Jira, you can take advantage of Jira's capabilities to track and manage those issues. Issue-specific metadata is pulled from Black Duck into each plugin-created Jira ticket, providing access to that data through Jira's search and reporting capabilities.









©2023 Synopsys, Inc. All Rights Reserved