Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development and DevOps Toolchains
1. Black Duck your Code faster with
Black Duck Integrations
Utsav Sanghani – Senior Product Manager
2. Integrations Coverage Coming Up
[Diagram: integration points across the SDLC: IDE, Package Manager, SCM, Build/CI, Binary Repo/Image Registry, QA, Prod Env., Bug Tracking & Reporting]
Flexibility to integrate open source risk management throughout the SDLC
3. Highlights since last Flight
Black Duck Radar
Black Duck Detect
Black Duck Artifactory
Black Duck SonarQube
Black Duck Alert
Black Duck SPDX
5. Shift Left with Black Duck Radar
• Identify policy violations, security & operational risk for OSS before it is introduced into your environment
• Supports Maven, NuGet, npm, PyPI & others
• Works with your existing Hub Server
• Available on the Google Chrome Extension Marketplace
7. Hub Detect (Aug 2017)
Umbrella implementation supporting most current package managers & CI tools
Automates scanning of third-party dependencies & file-system components in a single run via post-build invocation
Native plugins for Jenkins & Visual Studio
Other CI systems invoke Detect's shell or PowerShell script
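Slide 7 says that CI systems without a native plugin invoke Detect's shell or PowerShell script as a post-build step. The wrapper below is an added example, not code from the presentation or from Synopsys, of how a practitioner would wire that invocation into a CI job: the API token stays in the environment rather than on the command line, the Detect release is pinned and the fetched launcher script can be checksum-verified before it runs, and the scan fails the build when the Hub reports a policy violation. The script URL, the `DETECT_LATEST_RELEASE_VERSION` pin variable, the property names (`--blackduck.url`, `--detect.project.name`, `--detect.policy.check.fail.on.severities`, ...) and the `BLACKDUCK_API_TOKEN` environment variable are assumptions taken from later Synopsys Detect documentation; check them against the docs for the Detect version you actually run, since the 2017 Hub Detect script and properties were named differently.

```shell
#!/bin/sh
# Added example (not Synopsys' code): CI wrapper for a post-build Detect
# scan launched through the shell script. Assumptions to verify against
# the Detect docs for your version: the script URL, the
# DETECT_LATEST_RELEASE_VERSION pin, the property names used below, and
# that the API token is picked up from BLACKDUCK_API_TOKEN.
set -eu

DETECT_SCRIPT_URL="${DETECT_SCRIPT_URL:-https://detect.synopsys.com/detect.sh}"
DETECT_PIN="${DETECT_PIN:-7.14.0}"               # pin a release, never "latest"
DETECT_SCRIPT_SHA256="${DETECT_SCRIPT_SHA256:-}" # optional checksum of the pinned script

# Refuse to run unless the Hub URL and API token are in the environment.
# Keeping the token out of argv means it does not appear in `ps`, in CI
# console logs, or in the shell history of whoever debugs the job.
require_config() {
  if [ -z "${BLACKDUCK_URL:-}" ]; then
    echo "BLACKDUCK_URL is not set" >&2
    return 1
  fi
  if [ -z "${BLACKDUCK_API_TOKEN:-}" ]; then
    echo "BLACKDUCK_API_TOKEN is not set; refusing to start Detect" >&2
    return 1
  fi
}

# Apply a command to the non-secret Detect arguments. The same list is
# used to print the arguments for review (printf) and to launch the scan,
# so what a reviewer sees is exactly what runs. The last property makes
# Detect exit non-zero on a policy violation of the listed severities,
# which is what fails the CI job.
with_detect_args() {
  project="$1"; version="$2"; source_dir="$3"; shift 3
  "$@" \
    "--blackduck.url=${BLACKDUCK_URL}" \
    "--detect.project.name=${project}" \
    "--detect.project.version.name=${version}" \
    "--detect.source.path=${source_dir}" \
    "--detect.policy.check.fail.on.severities=BLOCKER,CRITICAL"
}

# Print the argument list, one per line, without launching anything.
detect_args() {
  with_detect_args "$1" "$2" "$3" printf '%s\n'
}

# Fetch the launcher once per job and, if a checksum was supplied, verify
# it before executing: it is remote code pulled into the build at run
# time and deserves the same scrutiny as any other build dependency.
fetch_script() {
  dest="$1"
  curl -fsSL "$DETECT_SCRIPT_URL" -o "$dest"
  if [ -n "$DETECT_SCRIPT_SHA256" ]; then
    echo "${DETECT_SCRIPT_SHA256}  ${dest}" | sha256sum -c --quiet
  fi
  chmod 0700 "$dest"
}

run_detect() {
  require_config || return 1
  workdir="$(mktemp -d)"
  trap 'rm -rf "$workdir"' EXIT
  fetch_script "$workdir/detect.sh"
  # DETECT_LATEST_RELEASE_VERSION pins the Detect jar the script downloads;
  # BLACKDUCK_API_TOKEN is inherited from the environment, not passed here.
  with_detect_args "$1" "$2" "$3" \
    env DETECT_LATEST_RELEASE_VERSION="$DETECT_PIN" "$workdir/detect.sh"
}

# Usage from a CI step (token and URL come from the job's secret store):
#   BLACKDUCK_URL=https://hub.example.internal BLACKDUCK_API_TOKEN=... \
#     ./detect-ci.sh run my-service "$GIT_COMMIT" "$PWD"
case "${1:-}" in
  run) run_detect "$2" "$3" "$4" ;;
esac
```

`detect_args` gives reviewers a dry run of the exact command line, and because the token is never part of that list it cannot leak through it; the `run` subcommand is the only path that touches the network.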
14. Black Duck Alert: Centralized Notification Manager for the Hub
• What is it: a centralized notification management system to source, process & distribute notifications for Black Duck Hub
• How does it work: an external containerized web application that communicates with the Hub to source and manage notifications for distribution in the channel of choice (currently supports email/Slack/HipChat)
• Timeline: Available
• Availability: GitHub
• Hub version: 4.4+
• Supported Event Types: Policy Violations, Policy Override, Policy Cancellations, High/Medium/Low Security Vulnerabilities
19. Safe Harbor Statement
CONFIDENTIAL INFORMATION
The following material is confidential information of Synopsys and is being disclosed
to you pursuant to a non-disclosure agreement between you or your employer and
Synopsys. The material being discussed may only be used as permitted under such
non-disclosure agreement.
IMPORTANT NOTICE
In the event information in this presentation reflects Synopsys' future plans, such
plans are as of the date of this presentation and are subject to change. Synopsys is
not obligated to develop the software with the features and functionality discussed
in these materials. In any event, Synopsys' products may be offered and purchased
only pursuant to an authorized quote and purchase order or a mutually agreed
upon written contract.
21. Next Generation IDE Solution Objectives
Accuracy without Compromise: ease of use and speed AND accuracy, not ease of use and speed OR accuracy
Integrated with Synopsys Portfolio: SAST and SCA findings presented together; context-sensitive eLearning links. The SIG Portfolio is available at developers' fingertips.
Dedication to Developer Experience: all design decisions are made with the developer first!
Accuracy, Speed & Ease of Use: redesigned UI/UX requires little to zero configuration for the common cases. Automatic, behind-the-scenes analysis on file save and open.
22. Benefits of UIDE with Black Duck
• Support for modern package managers: Black Duck supports all the modern package managers like Maven, npm, PyPI, Ruby, NuGet
• Component Remediation: Black Duck provides component remediation information right in the IDE to provide instant fixes for SCA issues!
• Additional Security Intelligence: BDSA vulnerability feed, to access security intelligence weeks before the vulnerabilities are published in NVD
• Actionable Insights in the IDE: BoM view in the IDE with risk severities and component license
• Support for Policy: support enforcement of central policies to flag violations early on in the process, before code is checked in
• Stay up-to-date: OSS Operational Risk ensures developers are choosing the most up-to-date components at all times