The XL Release Black Duck plugin monitors risks as analyzed by Black Duck and takes action in XL Release, for example failing or passing a release based on the severity and volume of risks in Black Duck.

The plugin provides summary tiles for the Black Duck Hub that display counts of components with various risks, each with various severities.

A gate task is included in the plugin. This is used to configure various thresholds which determine if the task passes or fails.

Important: You must set up a connection to a Black Duck server before adding Black Duck tasks or tiles. For more information, see Define a Black Duck Server.

Note: In the release flow editor, the Black Duck Check Compliance task has a red border.

Features

The plugin added to XL Release provides:

  • A Black Duck Server type that can be used to configure the host running the Black Duck Hub.
  • A Black Duck Check Compliance task.
  • A summary tile for the Black Duck Risk Profile.
  • A summary tile for the Black Duck Risk Trend.

Requirements

The plugin requires the following:

  • The Black Duck Hub server running and accessible via HTTP(S).
  • The scan results available on the Black Duck Hub server.

Define a Black Duck Server

To set up a connection to a Black Duck Hub Server:

  1. In the top navigation bar, click Settings.
  2. Click Shared configuration.
  3. In the Title field, enter a name for the configuration.
  4. In the URL field, enter the address of the server.
  5. To trust all SSL certificates exposed by the server, check the Trust Certificate checkbox. With this option checked, any certificate the server presents is accepted without validation.
  6. If required, enter authentication details and proxy details.
  7. To test the connection, click Test.
  8. To save the configuration, click Save.

After the server connection is set up, you can create a release or template that checks thresholds of various risks according to the Black Duck Hub.

Check Compliance Task

The Check Compliance task creates a gate in the release flow which can break the flow if the counts of components for the various risks are greater than the configured thresholds.

In the new release, add a task of type Black Duck > Check Compliance.

  1. Select the Black Duck server where the results are stored.
  2. Specify the Project Name and the Project Version.
  3. Configure the thresholds for each type of risk for each severity. Each threshold sets the maximum allowed count of components for that risk and severity.
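
The gate rule described above, modeled as an added example (not the plugin's own code): the check fails when any component count is strictly greater than its threshold, so a count equal to the maximum still passes. The severity names, the sample counts, and the choice to fail when scan data is missing are assumptions of this sketch.

```python
# Added example: a model of the Check Compliance gate rule, not plugin code.
# Risk types are the ones named on this page; severity names are assumed.

def check_compliance(counts, thresholds):
    """Return (passed, violations).

    counts / thresholds: {risk_type: {severity: int}}.
    A violation is recorded when a count is strictly greater than the
    configured maximum. A threshold of None means "not gated".
    """
    violations = []
    for risk, per_severity in sorted(thresholds.items()):
        for severity, maximum in sorted(per_severity.items()):
            if maximum is None:
                continue
            if risk not in counts or severity not in counts[risk]:
                # Assumption of this sketch: missing scan results fail the
                # gate instead of silently passing it.
                violations.append((risk, severity, None, maximum))
                continue
            count = counts[risk][severity]
            if count > maximum:
                violations.append((risk, severity, count, maximum))
    return (not violations, violations)


# Constructed sample data (not real scan output).
SAMPLE_COUNTS = {
    "Security Risk": {"high": 2, "medium": 5, "low": 11},
    "License Risk": {"high": 0, "medium": 1, "low": 3},
    "Operational Risk": {"high": 4, "medium": 9, "low": 20},
}
SAMPLE_THRESHOLDS = {
    "Security Risk": {"high": 0, "medium": 5, "low": 25},
    "License Risk": {"high": 0, "medium": 0, "low": 10},
    "Operational Risk": {"high": 10, "medium": 10, "low": 50},
}

if __name__ == "__main__":
    passed, violations = check_compliance(SAMPLE_COUNTS, SAMPLE_THRESHOLDS)
    print("PASS" if passed else "FAIL")
    for risk, severity, count, maximum in violations:
        print("  %s / %s: count=%s, max allowed=%s"
              % (risk, severity, count, maximum))
```
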

Black Duck Risk Profile Tile

The Black Duck Risk Profile tile shows a summary of a risk type displayed as a graph, for example: Security Risk, License Risk, or Operational Risk.

The graph shows the number of components categorized according to severity for the configured risk type.

To configure the Black Duck Risk Profile tile:

  1. In the top navigation bar, click Dashboards.
  2. Select the dashboard where you want to add the new tile. Note: If you have not created a dashboard yet, you can do so by clicking the Add dashboard button in the top right of the screen.
  3. In the top right of the screen, click Configure dashboard.
  4. In the top right of the screen, click Add tiles.
  5. Hover over Black Duck risk profile, and click Add.
  6. On the dashboard, hover over the new Black Duck risk profile tile, and click configure.
  7. In the Title field, enter a name for the tile.
  8. In the Server field, enter the name of the Black Duck server to connect with.
  9. In the Project field, enter the project to pull data from.
  10. In the Version field, select a version to display metrics on. Note: Version filters follow semantic versioning. A custom regex can also be used, provided that it is Python-compatible.
  11. In the Risk type field, select a risk type to display.
  12. Click Save.

Black Duck Risk trend tile

The Black Duck Risk trend tile shows a summary of a risk type, displayed as a graph, over a set period of time. For example: Security Risk, License Risk, or Operational Risk.

To add a Black Duck Risk trend tile:

  1. In the top navigation bar, click Dashboards.
  2. Select the dashboard where you want to add the new tile. Note: If you have not created a dashboard yet, you can do so by clicking the Add dashboard button in the top right of the screen.
  3. In the top right of the screen, click Configure dashboard.
  4. In the top right of the screen, click Add tiles.
  5. Hover over Black Duck risk trend, and click Add.
  6. On the dashboard, hover over the new Black Duck risk trend tile, and click configure.
  7. In the Title field, enter a name for the tile.
  8. In the Server field, enter the name of the Black Duck server to connect with.
  9. In the Time period field, select the period of time to display.
  10. In the Project name field, enter the project to pull data from.
  11. In the Risk type field, select a risk type to display.
  12. In the Versions field, select the versions to display metrics on. Note: Version filters follow semantic versioning. A custom regex can also be used, provided that it is Python-compatible.
  13. Click Save.

Release notes

XL Release Black Duck plugin 8.5.0

Improvements

  • Added the Black Duck Risk trend tile

XL Release Black Duck plugin 8.0.0

Improvements

  • Compatibility with XL Release 8.0.0

Bug Fixes

  • DEPL-12985: Fixed Last Analysis date formatting

XL Release Black Duck plugin 7.6.2

Bug Fixes

  • REL-6280: Bug fixes for IE11

XL Release Black Duck plugin 7.6.1

Improvements

  • REL-6148: Show timestamps of last scan in logs for task and summary tile

XL Release Black Duck plugin 7.6.0