Am I reading the right user guide?
Some connectors have more than one user guide, depending on how your environment is set up and on which connector release (newer or older revision) you are running.
To open the user guide that matches your environment, click the "How to connect" button on the connector's setup page. You will be taken directly to the guide for your specific environment.
Overview
About BlackDuck
Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks from using open-source and third-party code in applications and containers.
Why integrate BlackDuck into the Vulcan platform?
The BlackDuck Connector by Vulcan integrates with the BlackDuck platform to pull asset and vulnerability data and ingest it into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested findings to determine risk and remediation priority.
BlackDuck Connector Details
Supported products | |
Category | Application Security - SCA |
Ingested asset type(s) | Code Projects |
Integration type | Uni-directional (data is transferred from BlackDuck through the Connector into the Vulcan Platform in one direction only; nothing is written back to BlackDuck) |
Supported version and type | SaaS (API V2024.1.1) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Your organization's server URL in BlackDuck
A Black Duck API token for a user that holds the Global Code Scanner role.
Generating BlackDuck API Token
Go to the BlackDuck Platform and sign in as an Admin User.
Navigate to Admin > User Management.
Create or edit the user you want to use for the integration (a dedicated integration user is preferable to a personal account).
Open the user and assign the Global Code Scanner role.
Make sure the user is a member of the intended project or is a part of a group that is a member of the project.
Save.
Log out from the Admin User and log in as the integration user.
Click on the User tab, then on Access My Tokens.
Create a New Token and fill in the token details.
Check the Read Access option and click Create. Read Access is all the integration needs, because data flows only from BlackDuck to Vulcan (see Integration type above); do not grant Write Access to this token.
Copy the generated API token and store it securely (for example, in a secrets manager). Treat it like a password: anyone holding it can read every project the integration user can see.
Configuring the BlackDuck Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click Add Connector.
Click on the BlackDuck icon.
Set up the Connector as follows:
Enter the Server URL
Enter the API Token you generated earlier.
Click the Test Connectivity button to verify that Vulcan Cyber can reach your BlackDuck instance and that the API token is accepted.
Inactive Assets: You can configure a Vulcan rule to treat assets as inactive. Vulcan then removes assets that have not appeared in a BlackDuck scan within the configured time range.
Click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the BlackDuck icon shows Connected, the sync is complete.
BlackDuck in the Vulcan Platform
Viewing BlackDuck vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector/Source:
Go to the Vulnerabilities page.
Use the Search or Filter input box to select the Vulnerability Source or Connector filter.
Select BlackDuck from the vulnerability source/Connector list to filter results.
Click on any vulnerability for more vulnerability details.
Viewing BlackDuck assets in the Vulcan Platform
To view assets by Connector/Source:
Go to the Assets page.
Click on the relevant asset type tab.
Use the Search or filter input box to select Connector from the drop-down selection.
Select BlackDuck from the Asset source/Connector list to filter results and view all synced assets.
See the complete list of available asset filters per asset type.
Taking Action on vulnerabilities and assets detected by BlackDuck
Take Action on vulnerabilities and assets detected by BlackDuck by filtering on the Connector first.
Go to the Vulnerabilities or Assets page.
Click on the Search and Filter input box and select Connector from the drop-down selection.
Locate the BlackDuck option to view all synced vulnerabilities/assets.
Select the relevant Vulnerability/Asset.
Click Take Action.
Automating actions on vulnerabilities detected by BlackDuck
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the BlackDuck Connector.
From BlackDuck to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with BlackDuck through the BlackDuck API to pull the relevant vulnerability and asset data and map it onto the Vulcan Platform pages and fields listed below.
Code Project Fields Mapping
BlackDuck field | Vulcan field |
name | Uniqueness criteria |
name | Asset Name |
Code Projects | Asset type |
componentName | Asset libraries - Name (SCA) |
componentVersionName | Asset libraries - Version (SCA) |
source | Asset details |
name (from tags call) | Asset Tags - Vendor’s tags |
versionName (from versions call) | Asset Tags - Additional |
active | Asset’s Status |
Time of the sync (now) | Last report |
| Vulnerability instance uniqueness criteria |
vulnerabilityWithRemediation.vulnerabilityName | Unique Vulnerability uniqueness criteria |
vulnerabilityWithRemediation.vulnerabilityName | Vulnerability title |
vulnerabilityWithRemediation.overallScore | Vulnerability score |
description | Vulnerability description |
technicalDescription (Technical Description), title (Title), cvss3.vector (CVSS3 Vector), cvss2.vector (CVSS2 Vector), source (Source), workaround (Workaround), publishedDate (Published Date), vendorFixDate (Vendor Fix Date), disclosureDate (Disclosure Date) | Vulnerability details |
vulnerabilityWithRemediation.overallScore | CVSS |
links -> related-vulnerability | CVE/S |
vulnerabilityWithRemediation.cweId | CWE |
cvss3.vector | CVSS attack vector |
"versionName": "{{ version_name }}", "componentName": "{{ componentName }}", "componentVersion": "{{ componentVersion }}", "componentVersionName": "{{ componentVersionName }}", "componentVersionOriginName": "{{ componentVersionOriginName }}", "componentVersionOriginId": "{{ componentVersionOriginId }}" | Vulnerability instance connection- additional information |
BlackDuck Recommendation for {{ name }} | Fix - Title |
solution | Fix - Description |
Vulnerability status mapping
BlackDuck Status | Vulcan Status |
Status is not "ignored" | Vulnerable |
Vulnerability is no longer relevant in BlackDuck and is not returned on the Connector's sync | Fixed |
(no BlackDuck status maps to this) | Ignored - false positive |
Ignored | Ignored - risk acknowledged |
Vulnerability score mapping
The score is taken from the field vulnerabilityWithRemediation.overallScore and passed through unchanged.
BlackDuck score | Vulcan score |
1-10 | 1-10 |
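The three tables above (field mapping, status mapping and score mapping), applied end to end to hand-constructed records. This is an added example written for this page, not Vulcan's connector code or Black Duck's API client. The field names come from the mapping tables; everything else is an assumption: the nesting of the records, the "remediationStatus": "IGNORED" spelling of an ignored finding, the fallback that treats a vulnerability named CVE-* as its own CVE when it has no related-vulnerability link, and the instance uniqueness key, which the page leaves blank. The sync function also shows the "Vulnerable" to "Fixed" transition: an instance seen on one sync and absent on the next is marked Fixed.

```python
"""Added example: BlackDuck -> Vulcan field, status and score mapping."""
from typing import Optional

# Constructed sample data. Shapes are assumptions, not captured API responses.
PROJECT = {"name": "payments-api", "source": "CUSTOM", "active": True}
TAGS = [{"name": "team:payments"}, {"name": "pci"}]  # "name (from tags call)"
VULN_DETAILS = {  # per unique vulnerability (the "Solutions" data); ids constructed
    "BDSA-2021-0001": {
        "title": "Remote code execution via JNDI lookup",
        "description": "Untrusted input in log messages reaches a JNDI lookup.",
        "solution": "Upgrade log4j-core to 2.17.1 or later.",
        "cvss3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},
        "links": [{"rel": "related-vulnerability",
                   "href": "https://bd.example.com/api/vulnerabilities/CVE-2021-44228"}],
    },
    "CVE-2023-5363": {
        "title": "Incorrect cipher key and IV length processing",
        "description": "Key and IV length checks are skipped for some ciphers.",
        "solution": "Upgrade OpenSSL to 3.0.12 or later.",
        "cvss3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},
        "links": [],
    },
}
INSTANCES = [  # vulnerable components: one record per version x component x vuln
    {"versionName": "1.4.0", "componentName": "log4j-core", "componentVersionName": "2.14.1",
     "componentVersion": "https://bd.example.com/api/components/c1/versions/v1",
     "componentVersionOriginName": "maven",
     "componentVersionOriginId": "org.apache.logging.log4j:log4j-core:2.14.1",
     "vulnerabilityWithRemediation": {"vulnerabilityName": "BDSA-2021-0001",
                                      "overallScore": 10.0, "cweId": "CWE-502",
                                      "remediationStatus": "NEW"}},
    {"versionName": "1.5.0", "componentName": "openssl", "componentVersionName": "3.0.10",
     "componentVersion": "https://bd.example.com/api/components/c2/versions/v2",
     "componentVersionOriginName": "github",
     "componentVersionOriginId": "openssl/openssl:openssl-3.0.10",
     "vulnerabilityWithRemediation": {"vulnerabilityName": "CVE-2023-5363",
                                      "overallScore": 7.5, "cweId": "CWE-325",
                                      "remediationStatus": "IGNORED"}},
]
CONNECTION_FIELDS = ("versionName", "componentName", "componentVersion",
                     "componentVersionName", "componentVersionOriginName",
                     "componentVersionOriginId")
AV_NAMES = {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}


def attack_vector(cvss3_vector: str) -> str:
    """CVSS attack vector column: read the AV metric out of cvss3.vector."""
    for metric in cvss3_vector.split("/"):
        if metric.startswith("AV:"):
            return AV_NAMES.get(metric[3:], "Unknown")
    return "Unknown"


def cve_ids(name: str, details: dict) -> list:
    """CVE/S column: follow links with rel 'related-vulnerability'. Assumed
    fallback: a record named CVE-* with no such link is its own CVE."""
    ids = [lnk["href"].rstrip("/").rsplit("/", 1)[-1]
           for lnk in details.get("links", []) if lnk.get("rel") == "related-vulnerability"]
    ids = [i for i in ids if i.startswith("CVE-")]
    return ids or ([name] if name.startswith("CVE-") else [])


def status_of(inst: dict) -> str:
    """Status table: anything not ignored in Black Duck is Vulnerable in Vulcan."""
    rem = inst["vulnerabilityWithRemediation"]
    ignored = str(rem.get("remediationStatus", "")).upper() == "IGNORED"
    return "Ignored - risk acknowledged" if ignored else "Vulnerable"


def instance_key(project_name: str, inst: dict) -> tuple:
    """Assumed instance uniqueness criteria (the mapping table leaves this blank)."""
    return (project_name, inst["versionName"], inst["componentName"],
            inst["componentVersionName"],
            inst["vulnerabilityWithRemediation"]["vulnerabilityName"])


def map_asset(project: dict, tags: list, instances: list) -> dict:
    """Code Project Fields Mapping: BlackDuck project -> Vulcan asset."""
    return {
        "uniqueness": project["name"], "name": project["name"], "type": "Code Projects",
        "libraries": sorted({(i["componentName"], i["componentVersionName"]) for i in instances}),
        "details": project.get("source"),
        "vendor_tags": [t["name"] for t in tags],
        "additional_tags": sorted({i["versionName"] for i in instances}),
        "status": "active" if project.get("active") else "inactive",
    }


def map_vulnerability(project_name: str, inst: dict, details_by_name: dict) -> dict:
    """One vulnerable component record -> one Vulcan vulnerability instance."""
    rem = inst["vulnerabilityWithRemediation"]
    name, score = rem["vulnerabilityName"], float(rem.get("overallScore", 0))
    d = details_by_name.get(name, {})
    return {
        "instance_key": instance_key(project_name, inst),
        "unique_key": name, "title": name,
        "score": score, "cvss": score,  # 1-10 passed through unchanged
        "description": d.get("description", ""),
        "cve": cve_ids(name, d), "cwe": rem.get("cweId"),
        "attack_vector": attack_vector(d.get("cvss3", {}).get("vector", "")),
        "connection_info": {k: inst.get(k) for k in CONNECTION_FIELDS},
        "fix_title": f"BlackDuck Recommendation for {name}",
        "fix_description": d.get("solution", ""),
        "status": status_of(inst),
    }


def sync(project: dict, instances: list, details_by_name: dict,
         previous: Optional[dict] = None) -> dict:
    """One daily sync. An instance present on the previous sync but not returned
    now is no longer relevant in Black Duck and becomes Fixed."""
    current = {}
    for inst in instances:
        v = map_vulnerability(project["name"], inst, details_by_name)
        current[v["instance_key"]] = v
    for key, old in (previous or {}).items():
        if key not in current:
            current[key] = {**old, "status": "Fixed"}
    return current


if __name__ == "__main__":
    day1 = sync(PROJECT, INSTANCES, VULN_DETAILS)
    # day 2: the log4j record is no longer returned, so its instance flips to Fixed
    day2 = sync(PROJECT, INSTANCES[1:], VULN_DETAILS, previous=day1)
    for v in day2.values():
        print(v["title"], v["status"], v["cve"], v["attack_vector"])
```

Note that the ignored OpenSSL finding keeps its "Ignored - risk acknowledged" status across syncs; only records that disappear from BlackDuck become Fixed, which is why the validation counts later in this page are compared sync to sync rather than against a single snapshot.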
Status Update Mechanisms
Every day, the Vulcan Platform syncs with BlackDuck to receive updates on existing vulnerabilities and assets and to retrieve any new ones.
The table below lists how the status update mechanism works in the BlackDuck connector for the vulnerabilities and assets in the Vulcan Platform.
Update type | Mechanism |
Archiving Assets | Assets that have not appeared in a BlackDuck scan within the time range configured in the Inactive Assets rule are removed from the Vulcan Platform (see Configuring the BlackDuck Connector). |
Change of vulnerability instance status from "Vulnerable" to "Fixed" | A vulnerability instance that BlackDuck no longer returns on the Connector's sync is marked Fixed (see Vulnerability status mapping). |
Note: Asset or vulnerability updates on the BlackDuck side are reflected in the Vulcan Platform only after the next scheduled connector sync (the next day).
API Endpoints in Use
API | Use in Vulcan | Permissions required |
| Assets (Code Projects) | |
| Assets Tags, sync vulnerabilities per version | |
| Assets Tags | |
| Unique Vulnerabilities, Vulnerabilities Instances | |
| Unique Vulnerabilities, Solutions | |
Data Validation
Validating and comparing data between BlackDuck and Vulcan Platform.
Assets Count
Goal: Validate the assets count between BlackDuck and Vulcan.
In BlackDuck:
In Vulcan:
Navigate to Assets > Code Projects
Filter by the BlackDuck connector. The number of results should match the number of projects in BlackDuck.
Unique Vulnerabilities Count
Goal: Compare the count of unique vulnerabilities between BlackDuck and Vulcan.
In BlackDuck:
In the Dashboard, move to the "Security" tab.
To count only active (vulnerable) vulnerabilities, filter out ignored vulnerabilities.
In Vulcan:
The count of vulnerabilities should match the number of unique vulnerabilities in Vulcan.
Vulnerabilities Instances (Connection) Count
Goal: Match the count of vulnerability instances between BlackDuck and Vulcan.
In BlackDuck:
From the Dashboard, click on the project name.
Click on a specific version. Note: Vulcan ingests all connections for all versions, so sum the instances across every version of the project, not just the latest one.
Move to the "Security" tab and remove any applied filters.
On the left list, observe the vulnerabilities count of each project component. Clicking on each component will display specific vulnerabilities.
In Vulcan:
The BlackDuck vulnerability instances count should match the count in Vulcan.
You can also create a vulnerabilities report and export it:
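The three numbers the Data Validation steps compare (project count, unique vulnerability count, instance count) computed from constructed BlackDuck records, so the counting rules are explicit: instances are summed across all versions of all projects with no filter applied, the unique count de-duplicates on the vulnerability name across projects, versions and components, and a vulnerability counts as "vulnerable" as long as at least one of its instances is not ignored. This is an added example written for this page, not Vulcan's code; the record layout and the "IGNORED" status spelling are assumptions.

```python
"""Added example: the counts compared in the Data Validation steps."""

# Constructed sample: project -> version -> (component, vulnerabilityName, status).
# Layout is an assumption; only the field meanings come from the mapping tables.
SCAN = {
    "payments-api": {
        "1.4.0": [("log4j-core", "BDSA-2021-0001", "NEW"),
                  ("log4j-core", "BDSA-2021-0002", "NEW")],
        "1.5.0": [("log4j-core", "BDSA-2021-0001", "NEW"),
                  ("openssl", "CVE-2023-5363", "IGNORED")],
    },
    "billing-worker": {
        "2.0.0": [("openssl", "CVE-2023-5363", "NEW"),     # same CVE, not ignored here
                  ("zlib", "CVE-2022-37434", "IGNORED")],  # ignored everywhere
    },
}


def validation_counts(scan: dict) -> dict:
    """Return the figures to compare against the Vulcan Assets and Vulnerabilities pages."""
    instances = 0
    per_version = {}
    unique_all, unique_vulnerable = set(), set()
    for project, versions in scan.items():
        for version, records in versions.items():
            per_version[(project, version)] = len(records)
            instances += len(records)  # every connection, every version, no filters
            for _component, vuln_name, status in records:
                unique_all.add(vuln_name)
                if status.upper() != "IGNORED":
                    unique_vulnerable.add(vuln_name)
    return {
        "projects": len(scan),                      # Assets > Code Projects count
        "instances": instances,                     # vulnerability instances (connections)
        "instances_per_version": per_version,       # what each version's Security tab shows
        "unique_vulnerabilities": len(unique_all),  # Vulnerabilities page, all statuses
        "unique_vulnerable": len(unique_vulnerable),  # Vulnerabilities page, ignored filtered out
    }


if __name__ == "__main__":
    for key, value in validation_counts(SCAN).items():
        print(f"{key}: {value}")
```

CVE-2023-5363 is ignored in one version and active in another, so it still counts as vulnerable; CVE-2022-37434 is ignored in its only instance and drops out of the filtered count while still contributing to the instance total, which is what the "remove any applied filters" step in the instances check relies on.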