Synopsys Black Duck Service Broker for Pivotal Platform

This documentation describes the Synopsys Black Duck Service Broker for Pivotal Platform. The Synopsys Black Duck Service Broker for Pivotal Platform enables developers to secure and manage open source software in Pivotal Platform apps through the Black Duck console.

Overview

Black Duck is the industry leader in open source security and management. The Synopsys Black Duck Service Broker for Pivotal Platform exposes its scan service on the Marketplace. Developers can then use Apps Manager or the Cloud Foundry command line interface (cf CLI) to bind the Black Duck scan service to their apps.

Creating a Black Duck service instance and binding it to an app enables developers to initiate an open source software scan during the cf-push process.

Key Features

Using the Synopsys Black Duck Service Broker, you can:

  • Import the Black Duck Service Broker into your Marketplace.
  • Provide the Black Duck Scan Service for any Pivotal Platform app.
  • Bind Black Duck to any app running on Pivotal Platform.
  • Automate open source scanning on any Pivotal Platform app.
  • Provide security, license, and operational risk information on identified open source software.
  • Continuously monitor the open source components in use.

Product Snapshot

The following table provides version and version support information about the Synopsys Black Duck Service Broker for Pivotal Platform.

| Element | Details |
|---|---|
| Version | v2.0.0 |
| Release date | March 7, 2019 |
| Software component version | Black Duck v5.0 and later |
| Compatible Ops Manager versions | v2.2.x, v2.3.x, and v2.4.x |
| Compatible Pivotal Application Service version(s) | v2.2.x, v2.3.x, and v2.4.x |
| BOSH stemcell version | Ubuntu Xenial |

WARNING: Synopsys Black Duck Service Broker for Pivotal Platform v1.0.2 and earlier require an Ubuntu Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.

Requirements

  1. The Synopsys Black Duck Service Broker for Pivotal Platform requires a licensed version of Black Duck. Contact our sales team to request a license.
  2. When configuring the BOSH Director, ensure the SSL/TLS termination point has a certificate signed by a CA in the trust store.

Feedback

For issues, feature requests, questions, or additional information, contact the Pivotal Platform Feedback list, or contact Synopsys Support.

Source Code

The Synopsys Black Duck Service Broker for Pivotal Platform source code is open source and is located at the Black Duck Software GitHub hub-cf repository.

License

The Synopsys Black Duck Service Broker for Pivotal Platform code is licensed under Apache 2.0.