<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>BlackDuck on Software Factory</title><link>/tags/blackduck/</link><description>Recent content in BlackDuck on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/blackduck/index.xml" rel="self" type="application/rss+xml"/><item><title>Black Duck</title><link>/use/tools/blackduck-sca/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/blackduck-sca/</guid><description>&lt;div style="display: flex; align-items: flex-start; gap: 1.5rem; margin-bottom: 1rem; max-width: 80%;"&gt;
 &lt;img src="/logo/icon_Black_Duck_SCA.svg" alt="Black Duck"
 width="150"
 style="flex-shrink: 0;"&gt;
 &lt;div&gt;&lt;p&gt;Black Duck is the Software Factory&amp;rsquo;s most complete &lt;strong&gt;Software Composition Analysis&lt;/strong&gt;
(&lt;a href="/use/practices/secure/software-composition-analysis/"&gt;SCA&lt;/a&gt;
) solution.
It combines four detection techniques to build a complete dependency inventory — including
dependencies that other tools miss, such as copy-pasted open source code and components
embedded in compiled binaries.&lt;/p&gt;
&lt;p&gt;This process helps in identifying known security vulnerabilities (CVEs/BDSAs), license
compliance violations, operational risks, and generating a comprehensive Bill of Materials (BOM)
for your applications.&lt;/p&gt;</description></item><item><title>Black Duck SCA</title><link>/use/howto/secure/blackduck-reports/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/howto/secure/blackduck-reports/</guid><description>&lt;p&gt;This guide outlines practical, step-by-step instructions for integrating Black Duck SCA into your
workflow, from initial project setup to CI/CD integration, advanced manual operations, and local
IDE scanning.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Prerequisites:&lt;/strong&gt; You must have Maintainer permissions for your GitLab repository and access to
the Black Duck server.&lt;/p&gt;
&lt;h2 id="how-to-prepare-your-black-duck-project"&gt;How to Prepare Your Black Duck Project&lt;a class="td-heading-self-link" href="#how-to-prepare-your-black-duck-project" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Before analyzing your source code, you must provision a project space.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Log in to your account on the Black Duck server.&lt;/li&gt;
&lt;li&gt;In the top-right corner of the dashboard, click &lt;strong&gt;+ Create Project&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Enter your &lt;strong&gt;Project Name&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Enter an initial &lt;strong&gt;Version Name&lt;/strong&gt; (e.g., &lt;code&gt;main&lt;/code&gt;, &lt;code&gt;v1.2.0&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;Fill out the desired fields (like Tier or Phase) and click
&lt;strong&gt;Save&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Ensure your user account (or service account) has &lt;strong&gt;Project Code Scanner&lt;/strong&gt; permissions.&lt;/li&gt;
&lt;/ol&gt;
&lt;h2 id="how-to-generate-and-secure-an-authentication-token"&gt;How to Generate and Secure an Authentication Token&lt;a class="td-heading-self-link" href="#how-to-generate-and-secure-an-authentication-token" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Your tools need access to a token to communicate with the server. &lt;strong&gt;Never hardcode this token in
your source code.&lt;/strong&gt;&lt;/p&gt;</description></item></channel></rss>