Detecker is a way of running Black Duck Detect inside a Docker container, so that it may be executed in a cloud-hosted environment without consuming any client-side resources.
When you build the Docker container, the script will download all of the requisite dependencies for Detect to successfully capture the open source within the codebase to be scanned.
When you run the container, the source will be downloaded and additional components if required (e.g. Python or Nuget). The script will then run Detect against this downloaded source and upload the results to your Black Duck server.
Build the Docker container
- To enable scanning with the latest version of Detect,
docker build -t detecker .
- To enable scanning with a different version of Detect,
docker build --build-arg detect_ver=6.3.0 -t detecker .
Once the container is built, you can then run the Docker container
You can specify the following arguments:
- --source or -s : Git URL from where to obtain the Source Code or the URL where the file to scan is located
- --key or -k : Black Duck API Key. The key needs to have both Read and Write permissions in Black Duck
- --project or -p [optional]: Black Duck Project Name. If not specified, the script will obtain the project name from the Source Code
- --version or -v [optional] : Black Duck Version. If not specified, the script will obtain the project version from the Source Code
- --config or -c [optional] : Optional configuration to invoke prior to running Detect
- --build or -b [optional] : Optionally specify a build command to invoke prior to running Detect
- --extra or -e [optional] : Extra Black Duck Detect options to add when running Black Duck Detect
docker run --rm --name "detecker" -it detecker -e --source=https://github.com/OWASP/NodeGoat.git \
--project=MJ-NodeGoat --key={redacted}
docker run --rm --name "detecker" -it detecker -e \
--source=https://curl.haxx.se/download/curl-7.72.0.zip \
--project=MJ-Curl --version=7.72 --key={redacted}