Using the Synopsys Black Duck Service Broker for PCF

This topic describes how to use the Synopsys Black Duck Service Broker for Pivotal Cloud Foundry (PCF).

The Synopsys Black Duck Service Broker for PCF requires that you are logged in to a PCF environment and have selected your organization and space.

  1. If this is the first time you are pushing a particular app, you must let PCF know about it before you can start binding other apps and services to it. This is done by running the command:

    $ cf push APP-NAME --no-start

    Where APP-NAME is replaced with the name of your app.
  2. Verify that the black-duck-scan service displays in the Marketplace using the command:

    $ cf marketplace

  3. Create a service instance of the black-duck-scan service using the command:

    $ cf create-service black-duck-scan standard INSTANCE-NAME

    Where INSTANCE-NAME is replaced with the name that you give to this Black Duck scan service instance.
  4. Bind the service instance of the scan service to the app using the command:

    $ cf bind-service APP-NAME INSTANCE-NAME

  5. Edit the project manifest.yml file, and in the env property of the app being scanned, add:

    • BLACK_DUCK_PROJECT_VERSION: (optional) This refers to the version of the project displayed in Black Duck. It is strongly recommended that you use this parameter.
    • BLACK_DUCK_PROJECT_NAME: (optional) Name of the project displayed in Black Duck.

    The following is an example of the manifest.yml file with the Black Duck changes:

    applications:
       - name: spring-music
         memory: 128M
         random-route: true
         path: build/libs/spring-music.jar
         env:
            BLACK_DUCK_PROJECT_VERSION: "1.0"
            BLACK_DUCK_PROJECT_NAME: "My CF Project"

    Note: Enclose the parameter values in single or double quotes so that they are always interpreted as strings.

  6. To initiate the push with a Black Duck scan, use the command:

    $ cf push APP-NAME

  7. Navigate to your Black Duck instance to view the results.
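
The quoting note in step 5 matters because a YAML parser reads an unquoted 1.10 as the number 1.1, so the version string you intended may not be the one that is sent. The following pre-push check is an added example, not part of the Black Duck or PCF tooling; the function name check_black_duck_env and the sample manifest are constructed for illustration, and it assumes block-style `KEY: value` entries like the manifest.yml shown above.

```shell
#!/bin/sh
# Added example (not from the Black Duck docs): a line-based check, not a YAML parser.
# Assumes block-style "KEY: value" entries like the manifest.yml shown in step 5.
# Prints "FILE:LINE: KEY ..." for every BLACK_DUCK_PROJECT_* value that is not quoted.
# Returns 0 if all are quoted, 1 if any is unquoted, 2 if the file is unreadable.
check_black_duck_env() {
    manifest=$1
    if [ ! -r "$manifest" ]; then
        echo "cannot read manifest: $manifest" >&2
        return 2
    fi
    awk -v sq="'" -v file="$manifest" '
        /^[ \t]*BLACK_DUCK_PROJECT_(VERSION|NAME)[ \t]*:/ {
            key = $0
            sub(/^[ \t]*/, "", key)          # strip indentation
            sub(/[ \t]*:.*$/, "", key)       # strip ":" and everything after it
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)  # keep only the text after "KEY:"
            first = substr(value, 1, 1)
            rest = substr(value, 2)
            # Quoted means: opens with a double or single quote and the same quote closes it.
            if ((first != "\"" && first != sq) || index(rest, first) == 0) {
                printf "%s:%d: %s value is not quoted: %s\n", file, NR, key, value
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$manifest"
}

# Constructed sample manifest: the unquoted 1.10 is the case the note warns about.
sample=$(mktemp)
printf '%s\n' 'env:' '  BLACK_DUCK_PROJECT_VERSION: 1.10' \
    '  BLACK_DUCK_PROJECT_NAME: "My CF Project"' > "$sample"
check_black_duck_env "$sample" || echo "fix the manifest before running cf push"
rm -f "$sample"
```

Run the function against manifest.yml before step 6 and push only when it returns 0.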