Stack Overflow
Stack Overflow

Questions tagged [synopsis-detect]

16 questions
3
votes
1 answer

Blackduck scan failing for .Net 6 project and detect version 7 in Github Workflow

I am trying to run blackduck scan as part of a github workflow where my project is built using .Net Version 6.0.2 My blackduck scan step looks like this: - name: Perform Blackduck Analysis uses: blackducksoftware/github-action@v2.2 …
Abhinaba Chakraborty
  • 3,488
  • 2
  • 16
  • 37
3
votes
1 answer

Black Duck with Gitlab-CI runner

Im trying to integrate BlackDuck in to a gitlab ci script. Running OpenJDK on Alpine 3.9.2 I get the following error in the logs 2019-10-14 15:19:00 ERROR [main] --- Scanning target /code/sre-web- portal failed: There was a problem scanning target…
Chazzeday Washington
  • 31
  • 2
1
vote
1 answer

I don't understand why my 8.6 tcl version does understand a for loop like this: "for{set i 0}{$i<10}{incr i}{

I am using the tclsh interpreter and the Synopsis Primetime shell. Both are not supporting that kind of loop. is there something that I am missing here? Thanks a lot I am trying to perform a very standard for loop
Raul
  • 11
  • 1
1
vote
0 answers

Synopsys Detect with zip file

I am new to Blackduck and exploring it. In the Synopsys Detect, I am trying to scan a file system including zip files. I have the project created in the Black Duck server. I have added the server configuration also with the API token having read and…
NutsAndBolts
  • 341
  • 3
  • 13
0
votes
0 answers

Synopsis coverity still return Filesystem path, filename, or URI manipulation in java dispite making the recommended fix

Synopsis coverity still return Filesystem path, filename, or URI manipulation in java dispite making the recommended fix. While these two following questions give a explaination of what todo they fail to fix the alert generated by the tool. Coverity…
Chris
  • 1,080
  • 20
  • 44
0
votes
0 answers

How to exclude dev dependancies from black duck scans for an android project while running scans in AzureDevOps pipelines with synopsis detect8 task?

I have an Android project and I am running BlackDuck scan in the AzureDevOps pipeline using the following configuration - task: SynopsysDetectTask@8 displayName: 'Run Synopsys Detect for your build ' inputs: BlackDuckService:…
AndroidDev
  • 888
  • 3
  • 13
  • 27
0
votes
0 answers

Unable to establish a connection to the Black Duck server and execute the scan on Jenkins

I would like to set up a Black Duck security scan for our code through Jenkins. However, I'm facing an issue because the Black Duck server and Jenkins are in different Google Cloud Platform (GCP) projects. The Black Duck server is secured by Google…
Abhishek Jain
  • 185
  • 1
  • 11
0
votes
0 answers

BlackDuck does not detect protobuf component's version

I am using BlackDuck to run security scan on a JAVA project. My project uses protobuf-java with the version 3.23.0. However, BlackDuck does not detect the version and hence, displays that the protobuf component have 2 vulnerabilities while it does…
Vphdreamer
  • 1
0
votes
1 answer

Synopsys Detect task on Azure DevOps CI Pipeline fails with a 404

I'm dealing with a CI pipeline that uses the Synopsys Detect task and suddenly it started to fail. I looked at the logs and this is the output: After seeing that I went to the URL where the task tries to get the Detect script from, and this is…
Zeze Pinto
  • 31
  • 3
0
votes
0 answers

Renovate dockerfile when version is specified in url

I would like to renovate synopsys-detect dockerfile which looks like that: FROM artifactory...alpine:3 RUN apk --no-cache add \ bash \ curl \ git \ openjdk11-jre \ py3-pip \ python3 ENV…
Frendom
  • 508
  • 6
  • 24
0
votes
0 answers

Blackduck scan not able to identify vulnerability in jQuery UI - v1.12.1

I scanned a newly created project with Blackduck. The folder contains many folders (depth > 10) and 70+ jquery files. One of these files has the following content (jquery UI-v1.12.1). As per Synk, this version has 4 vulnerabilities. Unfortunately,…
NutsAndBolts
  • 341
  • 3
  • 13
0
votes
1 answer

Problems with Blackduck Scanner -JNI Error?-

I have a question regarding a Blackduck scan. It only runs until the signature scan and then exits with the exit code 1 & throws the following error: Error: A JNI error has occurred, please check your installation and try again Exception in thread…
Larumee
  • 63
  • 4
0
votes
0 answers

Blackduck reports are empty and console logs pip inspect errors

Below are the blackduck scan step.I am running a pipeline that has blackduck stage : ./detect.sh --blackduck.url=https://blackduck.project-tools.com --blackduck.api.token=**** --detect.parent.project.name=cicd_tma-ggg-Mtr…
jenkinsuser
  • 1
  • 2
0
votes
1 answer

Can't run BlackDuck scan on a netcore 3.1 project - "Unable to install the nuget inspector from Artifactory"

When running a BlackDuck scan on a netcoreapp3.1 project, I get this error: [main] --- ======== Detect Issues ======== [main] --- [main] --- DETECTORS: [main] --- D:\<-snip-my-local-path-> [main] --- Not Extractable: NUGET - Solution [main]…
quetzalcoatl
  • 32,194
  • 8
  • 68
  • 107
0
votes
1 answer

How to scanning path in docker image from BlackDuck scanning

I'm using BlackDuck scanning use script detect.sh from Synopsys to scan docker image but I don't know how to scan path in docker image. My setting below: ./detect.sh \ --blackduck.url=https://blackduck.blackducksoftware.com…
Đặng Lực
  • 54
  • 1
  • 8
1
2