Black Duck Setup Considerations

To run Black Duck in Code Sight, a system must meet certain requirements.

Java Support

The system must be configured to run the Java® Development Kit (JDK), release 8 or higher.

Scanning Tool

We highly recommend that you verify that the locally installed Black Duck scanning component, Synopysys Detect, is the most recent version. Recent versions of Detect are posted in the Synopsys Artifactory.

The Package Manager and Build Support

The package manager for the projects to analyze, and the build tool or tools it uses, must have been installed and be specified in the system’s PATH variable.

User Credentials

Each user account must be configured to meet the following conditions:

  • The user must have access to check for component security vulnerabilities.

  • It must be possible to check each component against the projects accessible to the user, and the global policies configured on the Black Duck server.

  • All dependencies must be resolvable. That is to say, each dependency must have been installed using the package manager’s cache, virtual environment, and other environmental settings.

Internet Access

To communicate with the Black Duck server, the system must be connected to the Internet.

Remember: Internet access is also needed when you install Code Sight, to download Code Sight itself, and also the Synopsys Detect application, if this is not already present on the system. See Installation.

The plug-in downloads the Detect application from the URL that is saved on the Administration > System Settings page for your Black Duck account. By default, this Hosting location value points to the Synopsys Artifactory. You can configure Black Duck to download Detect from a different location: See “To assign a new host location for the Black Duck (SCA) scanning tool”.