Synopsys Black Duck Service Broker for PCF
This documentation describes the Synopsys Black Duck Service Broker for Pivotal Cloud Foundry (PCF). The Synopsys Black Duck Service Broker for PCF enables developers to secure and manage open source software in PCF apps through the Black Duck console.
Black Duck is the industry leader in open source security and management. The Synopsys Black Duck Service Broker for PCF exposes its scan service on the Marketplace. Developers can then use Apps Manager or the Cloud Foundry command line interface (cf CLI) to bind the Black Duck scan service to their apps.
Creating a Black Duck service instance and binding it to an app enables developers to initiate an open source software scan during the cf-push process.
Using the Synopsys Black Duck Service Broker, you can:
- Import the Black Duck Service Broker into your Marketplace.
- Provide the Black Duck Scan Service for any PCF app.
- Bind Black Duck to any app running on PCF.
- Automate open source scanning on any PCF app.
- Provide security, license, and operational risk information on identified open source software.
- Continuously monitor the open source components in use.
The following table provides version and version support information about the Synopsys Black Duck Service Broker for PCF.
| Element | Details |
|---|---|
| Release date | March 7, 2019 |
| Software component version | Black Duck v5.0 and later |
| Compatible Ops Manager versions | v2.2.x, v2.3.x, and v2.4.x |
| Compatible Pivotal Application Service version(s) | v2.2.x, v2.3.x, and v2.4.x |
| BOSH stemcell version | Ubuntu Xenial |
WARNING: Synopsys Black Duck Service Broker for PCF v1.0.2 and earlier require an Ubuntu Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.
- The Synopsys Black Duck Service Broker for PCF requires a licensed version of Black Duck. Contact our sales team to request a license.
- When configuring the BOSH Director, ensure the SSL/TLS termination point has a certificate signed by a CA in the trust store.
The Synopsys Black Duck Service Broker for PCF source code is open source and is located at the Black Duck Software GitHub hub-cf repository.
The Synopsys Black Duck Service Broker for PCF code is licensed under Apache 2.0.