Introduction

The integration between Black Duck Code Center and Artifactory offers you an automated, non-invasive approach to the open source component approval process, in addition to proactively monitoring for security vulnerabilities that may be associated with specific binary components. License, security vulnerability and approval status are pulled from the Black Duck Knowledge Base.

This chapter describes:

  • How to configure Artifactory with the Code Center
  • Additional Artifact Information
  • Artifactory Code Center Build Integration

The add-on adds a Governance tab in Builds, allowing automation of the approval process of an existing Black Duck application in accordance with the build info.

Configuring Artifactory with Code Center

To configure Artifactory with Code Center, click the Admin tab and then go to Configuration -> Black Duck.

| Field Name | Description |
|---|---|
| Server URI | URI of the Black Duck Code Center instance |
| Username | Black Duck Code Center authentication username |
| Password | Black Duck Code Center authentication password |
| Connection Timeout | Network timeout in milliseconds. Default is set to 20 seconds |

Test connection

You can click on the Test button to verify that the credentials are correct.

Proxy

If Artifactory uses a proxy to access remote resources (as described in Managing Proxies), be aware that communication with Code Center also goes through that proxy.

Additional Artifact Information

The window is divided into three sections with the information coming from the Code Center Knowledge Base:

  • General Information including the Component Name, Version and ID together with a link to the Homepage and description of the artifact
  • Details of the license 
  • List of known security vulnerabilities, if any.

To view the additional metadata received from the Code Center in the Tree Browser, click the Artifacts tab and then go to Browse -> Tree Browser.

From the Tree Browser select the artifact to be viewed and select the Governance tab.

Note that you can click Edit to manually edit the Code Center Component ID.

The information appearing in the Governance tab is also cached in the Properties tab and can be both searched for and edited.

Artifactory Code Center Build Integration

Builds performed in the CI Server and deployed in Artifactory can be integrated into the Code Center approval process in an automated and non-invasive way. When a build completes successfully, Artifactory can run compliance checks and provide a report, viewable in the user interface, that shows the current governance state of the build.

CI Configuration

To run the Code Center compliance checks, you must first configure the CI Server Job.

The Application Name and Application Version are mandatory fields and represent the existing Code Center application. You can optionally add the email address to which the compliance report is to be sent.

For additional information on the remaining fields, click on the ? icon on each field.

Governance Status Summary View

Once the CI Job is completed, compliance checks are run automatically. 

To view the build integration of the Code Center, click the Artifacts tab, then go to Browse -> Builds and select the required build from the list. Once you have selected the required build, click the Governance tab.

The Code Center Application section displays application information as it appears in the Code Center and includes the overall approval status.

In addition, the Components and Vulnerabilities are displayed.  

The Components section shows how many components were found in the BOM and created in the Code Center application. Details of their status (pending, rejected, etc.) are given together with licensing details taken from the Black Duck Knowledge Base.

The Vulnerabilities section displays the aggregated vulnerabilities found in the application. These details are also taken from the Black Duck Knowledge Base.

Once you have updated the status in the Code Center (either approve or reject), click the Governance tab again to refresh the updated information in Artifactory.

Hovering over the component with the mouse displays a bubble providing you with a number of possible actions such as "Show Request" which links you to the Code Center UI and allows you to perform other tasks such as approve and reject.

Grouping and Sorting

Components can be sorted according to any field. You can also group components according to License, Status or Scope by clicking the group icon on the column header, which gives you a variety of comprehensive views of the current status of the build.

For example, the screenshot below shows the build components displayed according to various types of license.