Install and Configure Black Duck® Binary Analysis

Integration with Black Duck® Binary Analysis, a Software Composition Analysis (SCA) tool, enables Seeker to detect known security vulnerabilities in third-party components included in applications, as well as secret information leakages.

An advantage of this integration is that Seeker will only analyze components that are actually loaded and used by tested applications, skipping unused components. This eliminates irrelevant vulnerability detections.

BDBA is delivered as a virtual appliance of the following types:

  • On-premises dedicated to Seeker: hosted on premises but accessed via Seeker. Seeker manages the license and user credentials automatically.
  • On-premises shared: hosted on premises. Users have separate licenses and connect to BDBA with their own credentials.
  • Cloud: hosted on cloud. Users have separate licenses and connect to BDBA with their own credentials.

Installation

For information about installing an on-premises BDBA appliance, either dedicated to Seeker or shared, refer to Installing Black Duck Binary Analysis as a Virtual Appliance.

To install an On-premises dedicated to Seeker appliance:

  1. Download the BDBA package from the Seeker download page on the https://community.blackduck.com/s/.
  2. Install the appliance as described in the guide.
  3. Ensure that the appliance is accessible from your Seeker server.

License

  • For a On-premises dedicated to Seeker appliance:

    Your Seeker license includes a limited BDBA license that enables Seeker to automatically analyze 3rd-party components but doesn't allow access to the BDBA user interface and APIs. The license is managed by Seeker, so you don't need to install it.

  • For the Cloud and On-premises shared appliance types:

    Once you have a running instance of your BDBA appliance, install the license, as described in the Installing Licenses section of the BDBA guide.

Configuration

To configure your BDBA appliance, perform the following steps:

  1. In the main menu, click (Settings) > Integration.
  2. Toggle the Enabled switch for Black Duck® Binary Analysis on and click Configure.
  3. Enter the following properties.
    PropertyDescription
    Appliance type Choose the relevant BDBA appliance type.

    For On-premises dedicated to Seeker , the credentials for BDBA are managed by Seeker, so you don't need to configure them here.
    URL The host name of BDBA, which should be accessible to Seeker. We recommend using a host name or an external name rather than an IP address, unless the IP address is fixed or static.
    Authentication type
    • For the Cloud appliance type, you can choose only API token.
    • For the On-premises shared appliance type, choose either Basic authentication or API token.
    Advanced settings From the Proxies dropdown list, select a proxy for connecting to this system.

    If you don't have any configured proxies for this purpose, click Add proxy, and configure one.

    For instructions, see Configure Proxies for External Systems.
    API token For the API token authentication type, enter a valid API token for BDBA.
    Username, Password For Basic authentication, enter user credentials for BDBA.
    Edit Credentials For the On-premises dedicated to Seeker appliance type, click this button if you need to supply different credentials for BDBA.
    Automatic update of vulnerability definitions (OFF/ON) For the On-premises dedicated to Seeker appliance type, you can choose to automatically update its vulnerability definitions:
    1. Click Turn on automatic update.
    2. In the dialog box that opens, enter your https://community.blackduck.com/s/ credentials, and click Send credentials.
    3. If an error message is displayed, make sure that your credentials and the appliance configuration are correct, and try again.
    Note: Once automatic update is turned on, it will work as long as the credentials are valid. If needed to change them, click Edit credentials.
  4. Click Connect account. If the connection fails, an error message is displayed. Make sure that your account settings are correct, and try again.
  5. Click Save.

Once your account is connected, the BDBA appliance version number appears next to the connection indicator.

Note: You can enable or disable this feature for any individual project by navigating to Projects > <project> > Analysis > Checkers, and enabling or disabling the Vulnerable Component (SCA) checker.