Skip to content
/ detecker Public

Detecker is an example of how to run Synopsys' Black Duck Detect in a Docker container

License

Apache-2.0 license
3 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jones6951/detecker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
run-detect.sh
run-detect.sh
 
 

Repository files navigation

Detecker - Containerized Black Duck Detect

Detecker (a combination of Detect and Docker) is a way of running Black Duck Detect inside a Docker container, so that it may be executed in a cloud-hosted environment without consuming any client-side resources.

When you build the Docker container, the script will download all of the requisite dependencies for Detect to successfully capture the open source within the codebase to be scanned.

When you run the container, the source will be downloaded and additional components if required (e.g. Python or Nuget). The script will then run Detect against this downloaded source and upload the results to your Black Duck server.

Usage

Step 1

Build the Docker container

  • To enable scanning with the latest version of Detect,
    • docker build -t detecker .
  • To enable scanning with a different version of Detect,
    • docker build --build-arg detect_ver=6.3.0 -t detecker .

Step 2

Once the container is built, you can then run the Docker container

You can specify the following arguments:

  • --source or -s : Git URL from where to obtain the Source Code or the URL where the file to scan is located. Alternatively, you can specify --source=LOCAL to enable local file-system scanning, in which case you must also mount a volume with the parameter -v /path/to/your/code:/source
  • --key or -k : Black Duck API Key. The key needs to have both Read and Write permissions in Black Duck
  • --project or -p [optional]: Black Duck Project Name. If not specified, the script will obtain the project name from the Source Code
  • --version or -v [optional] : Black Duck Version. If not specified, the script will obtain the project version from the Source Code
  • --config or -c [optional] : Optional configuration to invoke prior to running Detect
  • --build or -b [optional] : Optionally specify a build command to invoke prior to running Detect
  • --extra or -e [optional] : Extra Black Duck Detect options to add when running Black Duck Detect

Example 1: To scan a project directly from Github

docker run --rm --name "detecker" -it detecker -e --source=https://github.com/OWASP/NodeGoat.git \
--project=MJ-NodeGoat --key={redacted}

Example 2: To scan a project from a URL

docker run --rm --name "detecker" -it detecker -e \
--source=https://curl.haxx.se/download/curl-7.72.0.zip \
--project=MJ-Curl --version=7.72 --key={redacted}

Example 3: To scan a local folder

docker run --rm -v /Users/martin/Development/roller:/source -it detecker -e \
--source=LOCAL \s
--project=MJ-Roller --version=1.23 --key={redacted}

About

Detecker is an example of how to run Synopsys' Black Duck Detect in a Docker container

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages