Using the Synopsys Black Duck Service Broker for PCF
This topic describes how to use the Synopsys Black Duck Service Broker for Pivotal Cloud Foundry (PCF).
The Synopsys Black Duck Service Broker for PCF requires that you are logged in to a PCF environment and have selected your organization and space.
- If this is the first time you are pushing a particular app, you must let PCF know about it before you can start binding other
apps and services to it. This is done by running the command:
$ cf push APP-NAME --no-start
APP-NAMEis replaced with the name of your app.
- Verify that the
black-duck-scanservice displays in the Marketplace using the command:
$ cf marketplace
- Create a service instance of the black-duck-scan-service using the command:
$ cf create-service black-duck-scan standard INSTANCE-NAME
INSTANCE-NAMEis replaced with the name that you give to this Black Duck scan service instance.
Bind the service instance of the scan service to the app using the command:
$ cf bind-service APP-NAME INSTANCE-NAME
Edit the project
manifest.ymlfile, and in the
envproperty of the app being scanned, add:
BLACK_DUCK_PROJECT_VERSION: (optional) This refers to the version of the project displayed in Black Duck. It is strongly recommended that you use this parameter.
BLACK_DUCK_PROJECT_NAME: (optional) Name of the project displayed in Black Duck.
The following is an example of the
manifest.ymlfile with the Black Duck changes:
- name: spring-music
BLACK_DUCK_PROJECT_NAME: "My CF Project"
Note: The parameter values should be in single or double quotes so it is always interpreted as a string.
To initiate the push with a Black Duck scan, use the command:
$ cf push APP-NAME
Navigate to your Black Duck instance to view the results.