Black Duck’s desktop scanning tool helps identify open-source vulnerabilities in your codebase. This guide provides a detailed walkthrough of manually uploading scan files to the Black Duck platform. Understanding this process is crucial for effective vulnerability management.
Uploading Scan Results to Black Duck: A Step-by-Step Guide
After performing a scan with Black Duck’s desktop tool, you need to upload the results for analysis. Here’s how:
Accessing the Scans Section in Black Duck
- Log in: Start by logging into your Black Duck account.
- Navigate to Scans: You can reach the scans section in two ways:
  - Click the Scans icon in the main navigation menu.
  - Open a specific project version, go to the Settings tab, and select Scans.
Uploading the Scan File
- Initiate Upload: Click the Upload File button. You’ll be prompted to choose a file format:
  - BDIO Scan: accepts .json, .bdio, and .bdmu files.
  - SBOM-SPDX: accepts .json, .yaml, .rdf, and .spdx files.
  - SBOM-CycloneDX: accepts .json files.
- Select Your File: In the Upload file format dialog box:
  - Click Browse Computer… or click inside the designated area to navigate to and select your report file.
  - Alternatively, drag and drop the report file directly into the dialog box.
  You can upload multiple files by repeating this step. Queued files are listed, ready for upload. To remove a file from the queue, click the Remove icon (typically a red “x”).
- Enable Auto-Creation (Optional): For SBOM files, select the Unmatched Component Auto-Creation checkbox to automatically create custom components for origin IDs that Black Duck cannot match. This keeps the BOM complete without manual component entry, but components created this way are custom components rather than KnowledgeBase matches, so review them instead of assuming they have been assessed for vulnerabilities.
- Start the Scan: Once the file(s) are queued, click the Scan button in the dialog box to upload them and start processing. The dialog box remains open so you can add more files. Click Close when finished.
Important Considerations for File Uploads
- Overwriting Existing Files: Uploading a BDIO or SBOM file with the same name as an existing file overwrites the previous version and updates the project version’s Bill of Materials (BOM). Give files distinct names when you want to keep earlier scans side by side.
- Mapping Scans to Projects: If a scan is not automatically mapped to a project version, map it manually in Black Duck; until it is mapped, its results are not associated with any project version’s BOM.
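The format list in the upload step and the overwrite rule above are easy to get wrong when a team hands off dozens of generated files. The following pre-flight script is an added example for this guide, not Black Duck code: it sniffs each file to decide which dialog option it belongs under (BDIO Scan, SBOM-SPDX or SBOM-CycloneDX), checks that the extension is one the dialog accepts for that option, and warns when the file name matches one already uploaded to the project version. The content heuristics (the `bomFormat` key for CycloneDX, `spdxVersion`/`SPDXVersion:` for SPDX, JSON-LD keys for BDIO, and trusting the extension for .bdio/.bdmu containers) and the sample inputs are assumptions for illustration.

```python
"""Pre-flight check for files headed for Black Duck's Upload File dialog.

Added example, not Black Duck's own code. It works out which upload
option a file belongs under (BDIO Scan, SBOM-SPDX or SBOM-CycloneDX),
checks that its extension is one the dialog accepts for that option,
and warns when the name collides with a file already uploaded, since
the dialog overwrites same-named files and rebuilds the BOM.
"""
import json
import os

# Extensions the Upload File dialog accepts per option (from the guide).
ACCEPTED = {
    "BDIO Scan": {".json", ".bdio", ".bdmu"},
    "SBOM-SPDX": {".json", ".yaml", ".rdf", ".spdx"},
    "SBOM-CycloneDX": {".json"},
}


def detect_format(name, data):
    """Sniff the file content and return the dialog option it belongs under,
    or None when the content is not recognisable as any of the three."""
    ext = os.path.splitext(name)[1].lower()
    if ext in (".bdio", ".bdmu"):
        # Container formats produced by Black Duck's own tooling; the
        # extension is the only practical signal (assumption for this example).
        return "BDIO Scan"
    text = data.decode("utf-8", errors="replace")
    if ext == ".json":
        try:
            doc = json.loads(text)
        except json.JSONDecodeError:
            return None
        if isinstance(doc, dict):
            if doc.get("bomFormat") == "CycloneDX":
                return "SBOM-CycloneDX"
            if "spdxVersion" in doc and "SPDXID" in doc:
                return "SBOM-SPDX"
            if "@context" in doc or "@graph" in doc:
                return "BDIO Scan"          # JSON-LD document, as BDIO uses
        if isinstance(doc, list) and doc and isinstance(doc[0], dict) \
                and "@id" in doc[0] and "@type" in doc[0]:
            return "BDIO Scan"              # JSON-LD node array (older BDIO)
        return None
    # Non-JSON SPDX serialisations: tag-value, YAML and RDF/XML.
    if "SPDXVersion:" in text or "spdxVersion:" in text:
        return "SBOM-SPDX"
    if "<rdf:RDF" in text and "spdx" in text.lower():
        return "SBOM-SPDX"
    # CycloneDX XML is a real CycloneDX serialisation, but the dialog only
    # lists .json for SBOM-CycloneDX, so preflight() will flag the extension.
    if "<bom" in text and "cyclonedx" in text.lower():
        return "SBOM-CycloneDX"
    return None


def preflight(name, data, already_uploaded=()):
    """Return (option, problems): the dialog option to select and a list of
    issues to fix or acknowledge before clicking Scan."""
    problems = []
    option = detect_format(name, data)
    if option is None:
        problems.append("content not recognised as BDIO, SPDX or CycloneDX")
        return None, problems
    ext = os.path.splitext(name)[1].lower()
    if ext not in ACCEPTED[option]:
        problems.append(
            f"{ext or '(no extension)'} is not accepted for {option}; "
            f"use one of {sorted(ACCEPTED[option])}")
    if os.path.basename(name) in set(already_uploaded):
        problems.append(
            "a file with this name already exists in the project version; "
            "uploading it will overwrite that scan and update the BOM")
    return option, problems


# Constructed sample inputs (not real scan output).
SAMPLES = {
    "app.cdx.json": b'{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}',
    "app.spdx": b"SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\nSPDXID: SPDXRef-DOCUMENT\n",
    "app.spdx.json": b'{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "app"}',
    "scan.json": b'{"@context": "https://blackducksoftware.github.io/bdio", "@graph": []}',
    "bom.xml": b'<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.4"></bom>',
    "notes.json": b'{"hello": "world"}',
}


def run_samples(already_uploaded=("scan.json",)):
    """Run every sample through preflight() and return {name: (option, problems)}."""
    return {name: preflight(name, data, already_uploaded)
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (option, problems) in run_samples().items():
        print(f"{name:14} -> {option or 'REJECT':15} {'; '.join(problems) or 'ok'}")
```

Run it over a directory of generated files before opening the dialog; anything reported as REJECT or with an extension problem would fail or land under the wrong option, and the overwrite warning is the prompt to rename a file when the earlier scan should be kept.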
Troubleshooting Scan Upload Errors
If an error occurs during the upload process, note the error code and message shown for the scan. Black Duck groups these into external communication errors, internal communication errors, resource allocation errors, registration errors, internal errors, external errors, and errors indicating the scan was stopped by the user. The Black Duck documentation has tables listing each error code with its message and recommended action; consult them rather than retrying blindly, since a failed or stopped upload leaves the BOM unchanged.
Conclusion
Manually uploading scan files into Black Duck is a fundamental process for leveraging its vulnerability analysis capabilities. By following this step-by-step guide and understanding potential error codes, you can effectively integrate Black Duck into your security workflow and ensure accurate vulnerability detection. Remember to consult the official Black Duck documentation for the most up-to-date information and troubleshooting guidance.