BlackDuck Connector (new revision)

Learn all about integrating BlackDuck into the Vulcan Platform

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.


Overview

About BlackDuck

Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks from using open-source and third-party code in applications and containers.

Why integrate BlackDuck into the Vulcan platform?

The BlackDuck Connector by Vulcan integrates with the BlackDuck platform to pull and ingest assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

BlackDuck Connector Details

Supported products

Category: Application Security - SCA

Ingested asset type(s): Code Projects

Integration type: UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type: SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • Your organization's server URL in BlackDuck

  • Black Duck API Token with Global Code Scanner permission/role.

Generating BlackDuck API Token

  1. Go to the BlackDuck Platform and sign in as an Admin User.

  2. Navigate to Admin > User Management

  3. Create or edit a user you want to use for the integration.

  4. Open the user and add the Global Code Scanner role.

  5. Make sure the user is a member of the intended project or is a part of a group that is a member of the project.

  6. Save.

  7. Log out from the Admin User and log in as the integration user.

  8. Click on the User tab, then on Access My Tokens.

  9. Create a New Token and fill in the token details.

  10. Check the Read Access option and click Create.

  11. Save the generated API Token somewhere safe.

Configuring the BlackDuck Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click Add a Connector.

  3. Click on the BlackDuck icon.

  4. Set up the Connector with your organization's BlackDuck server URL and the API Token generated above.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your BlackDuck instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Click Create or Save Changes.

  8. Allow some time for the sync to complete. You can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the BlackDuck icon shows Connected, the sync is complete.


BlackDuck in the Vulcan Platform

Viewing BlackDuck vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select BlackDuck from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing BlackDuck assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select BlackDuck from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by BlackDuck

Take Action on vulnerabilities and assets detected by BlackDuck using the relevant filter.

  1. Go to the Vulnerabilities or Assets page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the BlackDuck option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

  5. Click Take Action.

Automating actions on vulnerabilities detected by BlackDuck

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the BlackDuck Connector.


From BlackDuck to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with BlackDuck through its API to pull the relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.

Code Project Fields Mapping

BlackDuck field | Vulcan field
name | Uniqueness criteria
name | Asset Name
Code Projects | Asset type
componentName | Asset libraries - Name (SCA)
componentVersionName | Asset libraries - Version (SCA)
source | Asset details
name (from tags call) | Asset Tags - Vendor's tags
versionName (from versions call) | Asset Tags - Additional
active | Asset's Status
Now | Last report
componentName, componentVersionName, version_name | Vulnerability instance uniqueness criteria
vulnerabilityWithRemediation.vulnerabilityName | Unique Vulnerability uniqueness criteria
vulnerabilityWithRemediation.vulnerabilityName | Vulnerability title
vulnerabilityWithRemediation.overallScore | Vulnerability score
description | Vulnerability description
technicalDescription (Technical Description), title (Title), cvss3.vector (CVSS3 Vector), cvss2.vector (CVSS2 Vector), source (Source), workaround (Workaround), publishedDate (Published Date), vendorFixDate (Vendor Fix Date), disclosureDate (Disclosure Date) | Vulnerability details
vulnerabilityWithRemediation.overallScore | CVSS
links -> related-vulnerability | CVE/S
vulnerabilityWithRemediation.cweId | CWE
cvss3.vector | CVSS attack vector
"versionName": "{{ version_name }}", "componentName": "{{ componentName }}", "componentVersion": "{{ componentVersion }}", "componentVersionName": "{{ componentVersionName }}", "componentVersionOriginName": "{{ componentVersionOriginName }}", "componentVersionOriginId": "{{ componentVersionOriginId }}" | Vulnerability instance connection - additional information
BlackDuck Recommendation for {{ name }} | Fix - Title
solution | Fix - Description

Vulnerability status mapping

BlackDuck Status | Vulcan Status
Status is not "ignored" | Vulnerable
Vulnerability is no longer relevant in BlackDuck and does not return on the connector's sync | Fixed
- | Ignored - false positive
Ignored | Ignored - risk acknowledged

Vulnerability score mapping

The score is based on the field: vulnerabilityWithRemediation.overallScore

BlackDuck score | Vulcan score
1-10 | 1-10

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).

The table below lists how the status update mechanism works in the BlackDuck connector for the vulnerabilities and assets in the Vulcan Platform.

Update type | Mechanism

Archiving Assets:

  • By X days according to last seen - if the Asset hasn't been seen for X days, it will be archived from Vulcan.

  • If the asset is not fetched on the last sync, it will be archived.

Change of vulnerability instance status from "Vulnerable" to "Fixed":

  • By status "fixed": If the connector has a relevant vulnerability status which indicates that the Vulnerability is fixed.

  • Non delta: If the vulnerability is not fetched again on the next sync, it will be moved to "Fixed".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
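The following Python is an added illustration, not Vulcan's or Black Duck's code, of how the field mapping and status mapping tables above and the non-delta update mechanism combine: it keys vulnerability instances by the page's uniqueness criteria, maps each fetched item to a Vulcan status and score, and marks instances that did not come back on the next sync as Fixed. The sample records are constructed in the shape of a vulnerable-bom-components item; the helper names, the version_name field and the use of remediationStatus as the BlackDuck status field are assumptions.

```python
from typing import Dict, List, Tuple

# Constructed sample items in the shape of a vulnerable-bom-components
# response, limited to the fields the mapping table uses; version_name is
# the value the page says comes from the versions call (assumed field name).
SYNC_1 = [
    {"version_name": "1.4.0", "componentName": "log4j-core",
     "componentVersionName": "2.14.1",
     "vulnerabilityWithRemediation": {
         "vulnerabilityName": "EXAMPLE-VULN-1", "overallScore": 10.0,
         "remediationStatus": "NEW"}},
    {"version_name": "1.4.0", "componentName": "jackson-databind",
     "componentVersionName": "2.9.8",
     "vulnerabilityWithRemediation": {
         "vulnerabilityName": "EXAMPLE-VULN-2", "overallScore": 7.5,
         "remediationStatus": "IGNORED"}},
]
SYNC_2 = SYNC_1[1:]  # next day's sync: the log4j finding is not returned

Key = Tuple[str, str, str, str]

def instance_key(item: dict) -> Key:
    """Instance uniqueness criteria from the table (componentName,
    componentVersionName, version_name), combined with the unique
    vulnerability id so two findings on one library stay distinct."""
    vwr = item["vulnerabilityWithRemediation"]
    return (vwr["vulnerabilityName"], item["componentName"],
            item["componentVersionName"], item["version_name"])

def vulcan_status(item: dict) -> str:
    """Status table: 'ignored' maps to Ignored - risk acknowledged,
    anything else is Vulnerable (remediationStatus assumed to hold it)."""
    status = item["vulnerabilityWithRemediation"].get("remediationStatus", "")
    return "Ignored - risk acknowledged" if status.lower() == "ignored" else "Vulnerable"

def vulcan_score(item: dict) -> float:
    """Score table: vulnerabilityWithRemediation.overallScore, 1-10 to 1-10."""
    return float(item["vulnerabilityWithRemediation"]["overallScore"])

def apply_sync(previous: Dict[Key, str], fetched: List[dict]) -> Dict[Key, str]:
    """Non-delta mechanism: fetched instances take the mapped status; an
    instance from the previous sync that was not fetched again moves to Fixed."""
    current = {instance_key(i): vulcan_status(i) for i in fetched}
    for key in previous:
        current.setdefault(key, "Fixed")
    return current
```

Calling apply_sync(apply_sync({}, SYNC_1), SYNC_2) yields the second day's statuses: the jackson-databind instance stays Ignored - risk acknowledged and the log4j-core instance, absent from the second sync, becomes Fixed.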

API Endpoints in Use

API | Use in Vulcan | Permissions required
api/projects | Assets (Code Projects) | Global Code Scanner
api/projects/{{ project_id }}/versions | Assets Tags, sync vulnerabilities per version | Global Code Scanner
api/projects/{{ project_id }}/tags | Assets Tags | Global Code Scanner
/api/projects/{{ project_id }}/versions/{{ version_id }}/vulnerable-bom-components | Unique Vulnerabilities, Vulnerabilities Instances | Global Code Scanner
api/vulnerabilities/{{ vulnerability_name }} | Unique Vulnerabilities, Solutions | Global Code Scanner


Data Validation

How to validate and compare data between BlackDuck and the Vulcan Platform.

Assets Count

Goal: Validate the assets count between BlackDuck and Vulcan.

In BlackDuck:

  1. Navigate to the Dashboard.

  2. Click on "Projects" to see the projects ingested into Vulcan.

In Vulcan:

  1. Navigate to Assets > Code Projects

  2. Filter by BlackDuck connector. The results should match the project count in BlackDuck.

Unique Vulnerabilities Count

Goal: Compare the count of unique vulnerabilities between BlackDuck and Vulcan.

In BlackDuck:

  1. In the Dashboard, move to the "Security" tab.

  2. To see only active (vulnerable) vulnerabilities, make sure to filter out ignored vulnerabilities.

In Vulcan:

The BlackDuck count should match the number of unique vulnerabilities in Vulcan when filtered by the BlackDuck connector.

Vulnerabilities Instances (Connection) Count

Goal: Match the count of vulnerability instances between BlackDuck and Vulcan.

In BlackDuck:

  1. From the Dashboard, click on the project name.

  2. Click on a specific version. Note: Vulcan ingests all connections for all versions, so sum all instances from all versions.

  3. Move to the "Security" tab and remove any applied filters.

  4. On the left list, observe the vulnerabilities count of each project component. Clicking on each component will display specific vulnerabilities.

In Vulcan:

The BlackDuck vulnerability instances count should match the count in Vulcan.

You can also create a vulnerabilities report in Vulcan and export it to compare the counts.