Black Duck

BlackDuck

An advisor that retrieves vulnerability information from a Black Duck instance.

Description

This advice provider by default retrieves vulnerabilities by the purl corresponding to the package. If a package has the label "black-duck:origin-id" (BlackDuck.PACKAGE_LABEL_BLACK_DUCK_ORIGIN_ID) set, then the vulnerabilities are retrieved by that origin-id instead of by the purl.

Configuration

Example

Use the following syntax to configure this plugin globally as part of config.yml:

ort:
  advisor:
    advisors:
      BlackDuck:
        options:
          serverUrl: <OPTIONAL_STRING>
        secrets:
          apiToken: <OPTIONAL_SECRET>

Options

serverUrl

STRING Required

The base URL of the BlackDuck REST API.

apiToken

SECRET Required

The API token to use for authentication.