Synopsys Black Duck Service Broker for PCF Architecture

How it works

Synopsys Black Duck Service Broker Architecture

The Synopsys Black Duck Service Broker for PCF architecture is based on the open source Black Duck perceptor project, an API server and event handler that consumes, stores, and queues the workloads associated with responding to events in distributed orchestration systems. When installed into the PCF Ops Manager, the Black Duck Service Broker behaves in the following manner:

  1. The developer first creates the Black Duck service, and then binds it to their app.

  2. The developer then runs the cf push command.

  3. As the app is built and packaged into a droplet, the Black Duck Service Broker’s droplet perceiver component picks up the new droplet creation event through the cf-java-client SDK, which interfaces with the Cloud Controller API.

  4. The scanner component polls the core perceptor component for new droplets and invokes the droplet façade to download and store each droplet in a location where the scanner component can run a Black Duck scan on it.

  5. After the scan completes, Black Duck displays open source metadata for the droplet, such as:

    • Security
    • License
    • Operational risk
    • Policy violation status
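
The flow in steps 3 to 5 (perceiver reports a droplet, the core queues it, the scanner polls and scans) can be modeled as a small work queue. This is an added example, not code from the Black Duck perceptor project: the class, function, and state names are hypothetical, the droplet events are constructed, and the duplicate-event and failed-scan handling are assumptions made for illustration.

```python
from collections import deque

class Core:
    """Stand-in for the core perceptor component: stores droplets, queues scans."""
    def __init__(self):
        self.status = {}      # droplet id -> "queued" | "scanning" | "complete"
        self.queue = deque()  # droplets waiting for the scanner

    def add_droplet(self, droplet_id):
        # Called by the droplet perceiver for each droplet creation event.
        # Assumption: a repeated event for a known droplet is ignored.
        if droplet_id in self.status:
            return False
        self.status[droplet_id] = "queued"
        self.queue.append(droplet_id)
        return True

    def next_droplet(self):
        # Called by the scanner on each poll; None means there is no work.
        if not self.queue:
            return None
        droplet_id = self.queue.popleft()
        self.status[droplet_id] = "scanning"
        return droplet_id

    def finish(self, droplet_id, ok):
        # Assumption: a failed scan is put back on the queue, not dropped.
        self.status[droplet_id] = "complete" if ok else "queued"
        if not ok:
            self.queue.append(droplet_id)

def scanner_poll(core, facade, scan):
    """One scanner poll: ask the core for work, download via the facade, scan."""
    droplet_id = core.next_droplet()
    if droplet_id is None:
        return None
    try:
        scan(facade(droplet_id))
        core.finish(droplet_id, True)
    except RuntimeError:
        core.finish(droplet_id, False)
    return droplet_id

def run_demo():
    core, failing = Core(), {"droplet-b"}  # droplet-b fails its first scan
    events = ["droplet-a", "droplet-b", "droplet-a"]  # constructed events
    accepted = [core.add_droplet(e) for e in events]
    def scan(path):
        if path in failing:
            failing.discard(path)
            raise RuntimeError("scan failed")
    polled = []
    while (d := scanner_poll(core, lambda i: i, scan)) is not None:
        polled.append(d)
    return accepted, polled, core.status
```

In this model the façade is reduced to an identity function, so the "path" handed to the scan is just the droplet id.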