Using the Black Duck Hub Service Broker for PCF

This topic describes how to use the Black Duck Hub Service Broker for Pivotal Cloud Foundry (PCF).

Use of the Black Duck Hub Service Broker for PCF requires that you are logged in to a PCF environment and have selected your organization and space.

  1. If this is the first time you are pushing a particular app, you must let PCF know about it before you can start binding other apps and services to it. To do this, run the command:

    $ cf push APP-NAME --no-start

    Where APP-NAME is replaced with the name of your app.

  2. Verify that the black-duck-scan service displays in the Marketplace using the command:

    $ cf marketplace

  3. Create a service instance of the black-duck-scan service using the command:

    $ cf create-service black-duck-scan standard INSTANCE-NAME

  4. Bind the service instance of the scan service to the app using the command:

    $ cf bind-service APP-NAME INSTANCE-NAME -c '{"project_name": "PROJECT-NAME", "code_location": "CODE-LOCATION-NAME"}'

    Where:
    • PROJECT-NAME: Name of the project displayed in the Black Duck Hub (optional)
    • CODE-LOCATION-NAME: Hub code location alias (optional)

      Note: The path to a file containing the JSON can be provided in the -c option in place of the inline JSON.

  5. Edit the project’s manifest.yml file, and add BLACK_DUCK_PROJECT_VERSION to the env property of the app being scanned. This refers to the version of the project displayed in the Black Duck Hub. This step is optional, but strongly recommended. The following is an example of the manifest.yml file with the recommended changes:

    applications:
       - name: spring-music
         memory: 1G
         random-route: true
         path: build/libs/spring-music.jar
         env:
            BLACK_DUCK_PROJECT_VERSION: "1.0"

    Note: The BLACK_DUCK_PROJECT_VERSION value should be in single or double quotes so it is always interpreted as a string.

  6. To initiate the push with a Black Duck scan, use the command:

    $ cf push -m 4G APP-NAME

    Memory of 4 GB or more is required because the Black Duck scan client reserves 4 GB of heap space. The -m 4G parameter overrides the memory attribute in the manifest.yml file and is not necessary if the value in the file is equal to or greater than 4 GB.

  7. Navigate to Black Duck Hub to view the results.
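
The checks from steps 5 and 6 as a pre-flight script, added here as an example and not part of the Black Duck or PCF tooling: it confirms that BLACK_DUCK_PROJECT_VERSION is quoted and prints the push command with -m 4G only when the manifest requests less than 4 GB. The function names are hypothetical, and the script assumes a single-app manifest whose memory attribute uses G/GB or M/MB.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 5 and 6 (function names are hypothetical).

# Convert a memory value such as 1G, 4096M or 4GB to megabytes.
mem_to_mb() {
  num=$(printf '%s' "$1" | sed 's/[^0-9].*$//')
  unit=$(printf '%s' "$1" | sed 's/^[0-9]*//' | tr '[:lower:]' '[:upper:]')
  [ -n "$num" ] || return 1
  case "$unit" in
    G|GB) echo $((num * 1024)) ;;
    M|MB) echo "$num" ;;
    *)    return 1 ;;
  esac
}

# Print the value of the first "memory:" attribute in a manifest.
manifest_mem() {
  sed -n 's/^[[:space:]-]*memory:[[:space:]]*\([0-9A-Za-z]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed only if BLACK_DUCK_PROJECT_VERSION is present and quoted.
version_is_quoted() {
  grep -Eq "^[[:space:]]*BLACK_DUCK_PROJECT_VERSION:[[:space:]]*(\"[^\"]+\"|'[^']+')[[:space:]]*\$" "$1"
}

# Print the step 6 command, adding -m 4G only when the manifest asks for less.
push_command() {
  mb=$(mem_to_mb "$(manifest_mem "$2")") || mb=0   # missing or unparsable: treat as too small
  if [ "$mb" -ge 4096 ]; then
    echo "cf push $1"
  else
    echo "cf push -m 4G $1"
  fi
}

# Constructed sample: the manifest.yml shown in step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
applications:
   - name: spring-music
     memory: 1G
     env:
        BLACK_DUCK_PROJECT_VERSION: "1.0"
EOF
version_is_quoted "$sample" || echo "quote BLACK_DUCK_PROJECT_VERSION" >&2
push_command spring-music "$sample"   # the command is printed, not executed
rm -f "$sample"
```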
