Questions tagged [blackduck]

30 questions
4
votes
1 answer

Read time out in Apache HTTP Client but request runs fine with curl

I have a PUT request that is done by a dependency scanner we are using. I'm behind a corporate proxy. Request is done with Apache HTTP Client 4. I get a "read time out" after the configured timeout. I recreated the request with curl and this works…
TomStroemer
3
votes
1 answer

How to fix the security vulnerability in system.drawing.common 4.7.0 package referred by Microsoft.EntityFrameworkCore.SqlServer(6.0.3)?

In Visual Studio 2022, API project created using .NET Core 6.0.6 runtime, we are using Microsoft.EntityFrameworkCore.SqlServer 6.0.3 nuget package. But recently found that there is a security vulnerability in the System.Drawing.Common 4.7.0…
3
votes
1 answer

Blackduck scan failing for .Net 6 project and detect version 7 in Github Workflow

I am trying to run blackduck scan as part of a github workflow where my project is built using .Net Version 6.0.2 My blackduck scan step looks like this: - name: Perform Blackduck Analysis uses: blackducksoftware/github-action@v2.2 …
Abhinaba Chakraborty
3
votes
1 answer

Black Duck with Gitlab-CI runner

I'm trying to integrate BlackDuck into a gitlab ci script. Running OpenJDK on Alpine 3.9.2 I get the following error in the logs 2019-10-14 15:19:00 ERROR [main] --- Scanning target /code/sre-web- portal failed: There was a problem scanning target…
2
votes
1 answer

Groovy: Jenkinsfile: Unable to pass argument with space to shell script in jenkins pipeline

I am using a script in my jenkins file and one of the argument passed contains a space (--detect.project.user.groups="DATABASE RELEASE 1.0"): sh './detect.sh --logging.level.com.synopsys.integration=DEBUG --blackduck.url="${URL}"…
1
vote
0 answers

Black Duck scanner flags non-existent jQuery 2.0.0 library

I scanned old .Net 4.7.2 web application with Synopsys Black Duck scanner. It found high Security Risk in the library jQuery 2.0.0. However, this version of jQuery library does not exist in this project, it was upgraded to the jQuery 3.6.1. If I click…
1
vote
0 answers

Synopsys Detect with zip file

I am new to Blackduck and exploring it. In the Synopsys Detect, I am trying to scan a file system including zip files. I have the project created in the Black Duck server. I have added the server configuration also with the API token having read and…
NutsAndBolts
1
vote
1 answer

Configuring Black Duck in Azure Devops

We already have a black duck server configured and we have a server URL. How can we use this server as an end point in Azure Devops pipeline without installing any build agent since we need to select end point from the dropdown.
0
votes
0 answers

How to generate a vulnerability status Report from Black Duck using script python (Hub Instance API)

I'm following this github URL to generate a vulnerability status report, including the result of the scan using Black Duck: https://github.com/blackducksoftware/hub-rest-api-python/tree/master In the examples, there is a Python script to make the…
0
votes
0 answers

Blackduck scan results into GPL exception license risks in my android project. Can anyone provide the ways to fix this issue?

I am observing GPL2 class path exception in my android project in the components Codenameone. I am not using any codenameone library, still the risk is there. I am not sure from where exactly it is coming from. Can anyone help here? See the…
vijaya zararia
0
votes
0 answers

How to exclude dev dependencies from black duck scans for an android project while running scans in AzureDevOps pipelines with synopsis detect8 task?

I have an Android project and I am running BlackDuck scan in the AzureDevOps pipeline using the following configuration - task: SynopsysDetectTask@8 displayName: 'Run Synopsys Detect for your build ' inputs: BlackDuckService:…
AndroidDev
0
votes
0 answers

Unable to establish a connection to the Black Duck server and execute the scan on Jenkins

I would like to set up a Black Duck security scan for our code through Jenkins. However, I'm facing an issue because the Black Duck server and Jenkins are in different Google Cloud Platform (GCP) projects. The Black Duck server is secured by Google…
0
votes
0 answers

BlackDuck does not detect protobuf component's version

I am using BlackDuck to run security scan on a JAVA project. My project uses protobuf-java with the version 3.23.0. However, BlackDuck does not detect the version and hence, displays that the protobuf component has 2 vulnerabilities while it does…
0
votes
1 answer

Synopsys Detect task on Azure DevOps CI Pipeline fails with a 404

I'm dealing with a CI pipeline that uses the Synopsys Detect task and suddenly it started to fail. I looked at the logs and this is the output: After seeing that I went to the URL where the task tries to get the Detect script from, and this is…
0
votes
0 answers

Filter BlackDuck Project Names with hub-rest-api python

I was able to set the limit to pull the project names like below from blackduck, hub = HubInstance() projects = hub.get_projects(limit=999) Is there any way to filter the project names starting with particular string? projects =…