-1

I am trying to implement Blackduck Image scanning in GitLab pipelines.

  • How can we read the recent built Image URL (Which would not necessarily be the latest version) from the image build job?
  • what all BD properties are required to run a image scan and save the results in a dedicated location?
Due-Degree-520
  • 1
  • Welcome! Please don't just ask us to solve the problem for you. Show us how you tried to solve the problem yourself, then show us exactly what the result was, and tell us why you feel it didn't work. Give us a clear explanation of what isn't working and provide a [Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve). Read [How to Ask a good question](https://stackoverflow.com/help/how-to-ask). Be sure to take the tour and read this. – jasie Jul 19 '22 at 07:38
  • Did you check https://community.synopsys.com/s/article/Running-Synopsys-Detect-with-GitLab-Integration-Documentation and https://github.com/blackducksoftware/hub-detect and https://stackoverflow.com/questions/58396685/black-duck-with-gitlab-ci-runner ? – jasie Jul 19 '22 at 07:41

1 Answers1

0

This article explains how to Run Synopsys Detect with Gitlab:

community.synopsys.com/s/article/Running-Synopsys-Detect-with-GitLab-Integration-Documentation

It provides a PDF document with detailed instructions:

/ Configuring with API Tokens

  1. Navigate to "Settings" in the sidebar menu. Then choose "CI/CD"
  2. Expand the "Secret variables" tab.
  3. Create two environment variables: HUB_URL and HUB_TOKEN
  4. Configure Synopsys Detect to be a script step in the .gitlab-ci.yml file of the project you want to scan. Then add the snippet for Synopsys Detect.

/ Configuring with Username and Password:

  1. Navigate to "Settings" in the sidebar menu. Then choose "CI/CD"
  2. Expand the "Secret variables" tab.
  3. Create three environment variables: HUB_URL, HUB_USERNAME AND HUB_PASSWORD
  4. Configure Synopsys Detect to be a script step in the .gitlab-ci.yml file of the project you want to scan. Then add the snippet for Synopsys Detect.

The PDF document provides more details and screenshots.

jasie
  • 2,192
  • 10
  • 39
  • 54