Synopsys Black Duck Service Broker for VMware Tanzu

This documentation describes the Synopsys Black Duck Service Broker for VMware Tanzu. The Synopsys Black Duck Service Broker for VMware Tanzu enables developers to secure and manage open source software in VMware Tanzu apps through the Black Duck console.

Overview

Black Duck is the industry leader in open source security and management. The Synopsys Black Duck Service Broker for VMware Tanzu exposes its scan service on the Marketplace. Developers can then use Apps Manager or the Cloud Foundry command line interface (cf CLI) to bind the Black Duck scan service to their apps.

Creating a Black Duck service instance and binding it to an app enables developers to initiate an open source software scan during the cf-push process.

Key Features

Using the Synopsys Black Duck Service Broker, you can:

  • Import the Black Duck Service Broker into your Marketplace
  • Provide the Black Duck Scan Service for any VMware Tanzu app.
  • Bind Black Duck to any app running on VMware Tanzu.
  • Automate open source scanning on any VMware Tanzu app.
  • Provide security, license, and operation risk information on identified open source software.
  • Continuously monitor the open source components in use.

Product Snapshot

The following table provides version and version support information about the Synopsys Black Duck Service Broker for VMware Tanzu.

Element Details
Version v2.0.0
Release date March 7, 2019
Software component version Black Duck v5.0 and later
Compatible Ops Manager versions v2.2.x, v2.3.x, and v2.4.x
Compatible VMware Tanzu Application Service for VMs version(s) v2.2.x, v2.3.x, and v2.4.x
BOSH stemcell version Ubuntu Xenial

Requirements

  1. The Synopsys Black Duck Service Broker for VMware Tanzu requires a licensed version of Black Duck. Contact our sales team to request a license.
  2. When configuring the BOSH Director, ensure the SSL/TLS termination point has a certificate signed by a CA in the trust store.

Feedback

For issues, feature requests, questions, or additional information, contact the VMware Tanzu Feedback list, or contact Synopsys Support.

Source Code

The Synopsys Black Duck Service Broker for VMware Tanzu source code is open source and is located at the Black Duck Software GitHub hub-cf repository.

License

The Synopsys Black Duck Service Broker for VMware Tanzu code is licensed under Apache 2.0.