This guide describes the setup process for integrating Black Duck Hub with the ZeroNorth Platform. Integrating with ZeroNorth provides automated, orchestrated scans of build artifacts to continuously manage exposure to open-source vulnerabilities.
Prerequisites
The steps described in this document assume that the following are in place:
- Black Duck Hub instance with a valid license and credentials
- ZeroNorth platform license and credentials
- Necessary connectivity from ZeroNorth to the Black Duck Hub instance and the source code repositories to scan
Set up Black Duck Hub Scan:
- A znADM user ensures that the blackduckhub-default scenario is activated.
- Identify a build artifact. The znADM user creates an Integration to this target if necessary.
- A znOPS user then defines a Target to represent the above build artifact.
- Create a Policy that configures scanning the Target (the build artifact) with your Black Duck Hub server.
The following sections describe the policy setup steps in detail.
1) Activate the Black Duck Hub Scenario
Prior to using Black Duck Hub with ZeroNorth, follow the steps in the article Activate Scenario - BlackDuck Hub to activate your Black Duck Hub Scenario.
2) Add a Target
If you have not already done so, add a Target of type “Artifact” or type “Repository”.
3) Create a Policy
Create a Policy that combines your Black Duck Hub Scenario and the desired Target:
- Go to znOPS > Policies.
- Click on the +Add Policy button on the bottom right of the screen.
- Enter the Name and Description (optional).
- Select the previously created Integration and Target.
- Select the Black Duck Hub Scenario that was previously activated.
- For Policy Type and related fields:
  - Orchestrated Scan - select “Orchestrated Scan” for an orchestrated scan with your Black Duck Hub server. If you specify the optional Project Name and the Version Name, the specified names must not already exist in the Black Duck server.
  - Data Load - set Policy Type as “Data Load” to import existing Black Duck Hub scan results into ZeroNorth. For Application Lookup Type, select “Discovery” to select the application from a list or “Manual” to specify the names yourself.
- Click Save to create a new policy.