In this article you will find:

  1. How to configure Black Duck in Vulcan platform

  2. How to view data from Black Duck in Vulcan platform

1. Configuring Black Duck

In the Connectors page, click on Add a Connector.

Click on the Black Duck connector.

Fill in the relevant fields:

Server URL - URL of your Black Duck account

For example: https://{ip_address}.com

API Access Token - Key to communicate with Black Duck API.
The API key should be associated with user role Super User. You can go to Administration --> User Management ---> Overall Permission --> Make sure 'Super User' is checked.
To generate the API access token, go to My Profile --> User Access Token --> Provide indicative name and description (for example 'Vulcan User') with 'read' and 'write' access.

Click on Generate.
Note that API access tokens only presented upon initial generation, so it's important to store them in a safe location as hey cannot be retrieved and will need to be regenerated if lost.

Click on Create

  • You can see the connector's progress in the Log tab

2. Viewing data from Black Duck in Vulcan

Vulcan provides the option to remediate vulnerabilities from 2 different angels:

  • Assets

  • Vulnerabilities

Assets

The data from Black duck will be displayed under Code Projects  - This tab gathers all data came from SAST and SCA tools. To filter only Black Duck data, simply use the Search Bar.

The Project column will indicate the projects you have in Black Duck.

The Last Report column will indicate the last scanned time in Black Duck.
The Top Risk column will indicate the highest risk-value from all risks that exist in a project.
The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.
The Tags column will indicate all the tags that related to projects.

Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.

If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.

Vulnerabilities
You can view all data from Black Duck in Vulnerabilities.  In order to filter only Black Duck data, simply use the Search Bar.

You can start the remediation process by clicking on a vulnerability and view all details fetched from your Black Duck account.
All the data from Black Duck including the descriptions, the offered solutions, available fixes and more are in Vulcan.

Click on Take Action if you wish to open a ticket and assign it to a specific team or share your findings via Slack channels or emails.

Did this answer your question?