JFrog Artifactory 5.x User Guide

Introduction

The integration between Black Duck Code Center and Artifactory offers you an automated, non-invasive approach to the open source component approval process, in addition to proactively monitoring for security vulnerabilities that may be associated with specific binary components. License, security vulnerability and approval status are pulled from the Black Duck Knowledge Base.

This chapter describes:

  • How to configure Artifactory with Code Center
  • Viewing additional artifact Information
  • Artifactory Code Center build integration

The add-on adds a Governance tab in Builds, allowing automation of the approval process of an existing Black Duck application in accordance with the build info.

Black Duck integration is supported for Java and NuGet

Component governance through Artifactory's integration with Black Duck is only supported for Java (using Maven, Ivy or Gradle) and NuGet artifacts. Build component governance is provided for Java artifacts through our CI Server plugins for Jenkins, TeamCity or Bamboo, and for NuGet artifacts through the MSBuild Artifactory Plugin (usable with any CI server that supports MSBuild).

Configuring Artifactory with Code Center

To configure Artifactory with Code Center click on the Admin tab and then go to Configuration -> Black Duck.

Black Duck Configuration

Field Name          Description
Server URI          URI of the Black Duck Code Center instance
Username            Black Duck Code Center authentication username
Password            Black Duck Code Center authentication password
Connection Timeout  Network timeout in milliseconds. Default is set to 20 seconds (20000 ms)

Test connection

You can click on the Test button to verify that the credentials are correct.

Proxy

If Artifactory is using a proxy to access remote resources (as described in Managing Proxies), be aware that communication to Code Center will go through the same proxy.


Additional Artifact Information

The Governance tab is divided into three sections, with the information coming from the Code Center Knowledge Base:

  • General information including the Component Name, Version and ID, together with a link to the Homepage and the Description of the artifact
  • Details of the license
  • List of known security vulnerabilities, if any

To view the additional metadata received from Code Center, select the component in the Artifact Repository Browser of the Artifacts module, and then select the Governance tab.

Manually editing the Component ID

Click the icon next to External Component ID to manually override the Component ID with a different one from Code Center.

The information appearing in the Governance tab is also cached in the Properties tab and can be both searched for and edited.

Licenses as properties


Artifactory Code Center Build Integration

Builds performed in the CI Server and deployed to Artifactory can be integrated into the Code Center approval process in an automated and non-invasive way. When a build completes successfully, Artifactory can run compliance checks and provide a report in the user interface showing the current state of the build in terms of governance.

CI Configuration

To run the Code Center compliance checks, you must first configure the CI Server Job.

The Application Name and Application Version are mandatory fields and identify the existing Code Center application. You can optionally add the email address to which the compliance report is sent.

For additional information on the remaining fields, click on the ? icon on each field.

Governance Status Summary View

Once the CI Job is completed, compliance checks are run automatically.

To view the build integration with Code Center, select the corresponding build from the Build Browser in the Build module, and then select the Governance tab.

The Code Center Application section displays application information as it appears in the Code Center and includes the overall approval status.

Below it, the Components and Vulnerabilities sections are displayed.

The Components section shows how many components were found in the BOM and created in the Code Center application. Details of their status (pending, rejected, etc.) are given together with licensing details taken from the Black Duck Knowledge Base.

The Vulnerabilities section displays the aggregated vulnerabilities found in the application. These details are also taken from the Black Duck Knowledge Base.

Once you have updated the status in Code Center (whether approved or rejected), click on the Governance tab again to refresh the information displayed in Artifactory.

You can click on the Artifact ID to link out to the Code Center UI where you can perform other tasks such as approving or rejecting the artifact.

Grouping and Sorting

Components can be sorted according to any field. You can also group components according to License, Status or Scope by clicking on the group icon in the corresponding column header, giving you a variety of ways to view the current status of the build.

For example, the screenshot below shows the build components grouped by License.
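The Governance tab above rolls a build's BOM up into status counts, an aggregated (de-duplicated) vulnerability list, and components grouped by License, Status or Scope. The following Python is an added example written for this guide, not Artifactory's or Black Duck's own code, showing the same roll-up over a constructed BOM: the component data, vulnerability identifiers (VULN-000x) and severity ranking are all assumptions for illustration, not Knowledge Base values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str   # hypothetical identifier, constructed for the example
    severity: str  # "critical" | "high" | "medium" | "low"


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str
    status: str    # Code Center approval status: "approved", "pending", "rejected"
    scope: str     # build scope, e.g. "compile" or "test"
    vulnerabilities: tuple = ()


# Assumed severity ordering used only for sorting the aggregated view.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample BOM; the components, licenses and vulnerabilities are made up.
SAMPLE_BOM = [
    Component("libfoo", "1.2.0", "Apache-2.0", "approved", "compile",
              (Vulnerability("VULN-0001", "high"),)),
    Component("libbar", "0.9.1", "GPL-3.0", "rejected", "compile",
              (Vulnerability("VULN-0001", "high"),
               Vulnerability("VULN-0002", "medium"))),
    Component("testutil", "2.0.0", "MIT", "pending", "test", ()),
    Component("libbaz", "3.1.4", "Apache-2.0", "pending", "compile",
              (Vulnerability("VULN-0003", "low"),)),
]


def status_counts(bom):
    """Number of components per approval status (the Components section header)."""
    counts = defaultdict(int)
    for component in bom:
        counts[component.status] += 1
    return dict(counts)


def aggregated_vulnerabilities(bom):
    """Distinct vulnerabilities across the whole build, most severe first.

    A vulnerability reported on several components appears once, with the
    sorted list of affected component names next to it.
    """
    affected = defaultdict(set)
    severity = {}
    for component in bom:
        for vuln in component.vulnerabilities:
            affected[vuln.vuln_id].add(component.name)
            severity[vuln.vuln_id] = vuln.severity
    rows = [(Vulnerability(vid, severity[vid]), sorted(names))
            for vid, names in affected.items()]
    rows.sort(key=lambda row: (-SEVERITY_RANK.get(row[0].severity, 0),
                               row[0].vuln_id))
    return rows


def group_by(bom, key):
    """Group components by 'license', 'status' or 'scope', as the group icon does."""
    if key not in ("license", "status", "scope"):
        raise ValueError(f"cannot group by {key!r}")
    groups = defaultdict(list)
    for component in bom:
        groups[getattr(component, key)].append(component)
    # Within each group, order by name then version for a stable display.
    return {k: sorted(v, key=lambda c: (c.name, c.version)) for k, v in groups.items()}


def sort_by(bom, key, reverse=False):
    """Sort components by any field; Python's sort is stable, so ties keep BOM order."""
    return sorted(bom, key=lambda c: getattr(c, key), reverse=reverse)


def render_summary(bom):
    """Plain-text rendering of the three views, for a CI log or an emailed report."""
    lines = ["Components by status: " + ", ".join(
        f"{status}={n}" for status, n in sorted(status_counts(bom).items()))]
    lines.append("Vulnerabilities (aggregated):")
    for vuln, names in aggregated_vulnerabilities(bom):
        lines.append(f"  {vuln.vuln_id} [{vuln.severity}] in {', '.join(names)}")
    lines.append("Components by license:")
    for lic, comps in sorted(group_by(bom, "license").items()):
        lines.append(f"  {lic}: " + ", ".join(f"{c.name}:{c.version}" for c in comps))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_summary(SAMPLE_BOM))
```

The de-duplication in aggregated_vulnerabilities is the point to note: VULN-0001 is reported on two components but counted once in the aggregated view, which is how a per-build vulnerability total should be read, while the grouped view still tells you which components carry it.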