BlackDuck API Credentials
To integrate with the BlackDuck API you need a valid API Access Token. To generate one, follow the steps below.
- From the user menu located on the top navigation bar, select My Access Tokens. The My Access Tokens page appears.
- Click Create New Token. The Create New Token dialog box appears.
- Type a name in the Name field.
- Optional: In the Description field, type a description or definition.
- Select Read Access.
- Click Create. The API token displays in a pop-up window. For security reasons, this is the only time your user API token displays. Please save this token. If the token is lost, you must regenerate it.
- Optional: To modify an access token that you created, click the arrow in the same row as the access token name to open a drop-down menu and select Edit, Delete, or Regenerate.
Create a BlackDuck Integration
- On the sidebar menu, navigate to the Scanners tab in the Integrations section.
- Hover over the BlackDuck block under SCA/FOSS and click the “add” icon (if you already have an integration, you can click the context menu “…” and select Create New Integration).
- In the second step, provide the required details for the scanner integration. For BlackDuck these are:
  - Name: The name for this integration.
  - Server URL: This is the Base URL for your BlackDuck Hub portal.
  - API Key: This is the API Access Token generated in the previous steps.
- In the next step you can choose whether the platform fetches all the assets and vulnerabilities available from the scanner, or include/exclude individual “targets” (applications, projects, etc.), if supported by the scanner.
- To finish the configuration click on “Create Scanner”.
Unless there are issues with the credentials, the new scanner will appear in your list of integrations (under Integrations > Scanners) and the platform will start to collect asset and vulnerability details from all Subscriptions available through the integration credentials.
All the scanner’s assets and vulnerabilities will be automatically added to your account’s Default Application, and will be available to start assigning them to user-created Applications as required.
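Before pasting the Server URL and API Key into the integration form, the pair can be checked against the BlackDuck server directly. The script below is an added example, not part of the original instructions or of either product. It assumes the BlackDuck REST token-exchange endpoint `/api/tokens/authenticate` and its `Accept` media type, and it uses hypothetical environment variable names `BLACKDUCK_URL` and `BLACKDUCK_API_TOKEN`.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed from the Black Duck REST API; neither value appears on this page.
AUTH_PATH = "/api/tokens/authenticate"
ACCEPT = "application/vnd.blackducksoftware.user-4+json"

def normalize_server_url(server_url):
    """Return the base URL without a trailing slash; refuse risky forms."""
    parts = urlsplit(server_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Server URL must be an https:// base URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("Server URL must not carry credentials, query or fragment")
    return "https://" + parts.netloc + parts.path.rstrip("/")

def build_auth_request(server_url, api_token):
    """Build the token-exchange request; the token travels only in a header."""
    return urllib.request.Request(
        normalize_server_url(server_url) + AUTH_PATH,
        method="POST",
        headers={"Authorization": "token " + api_token, "Accept": ACCEPT},
    )

def parse_auth_response(body):
    """Return (bearer_token, lifetime_seconds) from the JSON response body."""
    data = json.loads(body)
    bearer = data.get("bearerToken")
    if not bearer:
        raise ValueError("no bearerToken returned: token rejected or wrong URL")
    return bearer, int(data.get("expiresInMilliseconds", 0)) // 1000

def check_token(server_url, api_token, timeout=10):
    """Exchange the API token once; raises on HTTP 401 or a bad response."""
    with urllib.request.urlopen(build_auth_request(server_url, api_token),
                                timeout=timeout) as resp:
        return parse_auth_response(resp.read())

if __name__ == "__main__":
    # Hypothetical variable names; keeps the token out of shell history.
    _, ttl = check_token(os.environ["BLACKDUCK_URL"],
                         os.environ["BLACKDUCK_API_TOKEN"])
    print(f"token accepted; session valid for {ttl} s")
```

An HTTP 401 from `check_token` means the token was mistyped, deleted, or regenerated since it was saved.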