bd-offline-scanning-solution
Category: Hardware design
Development tool: C
File size: 0KB
Downloads: 0
Upload date: 2022-12-12 19:54:43
Uploader: sh-1993
Description: An example of generating Synopsys Detect scans off-line and then uploading them programmatically using the REST API
File list:
LICENSE (11357, 2020-05-18)
create_custom_fields.py (1423, 2020-05-18)
detect.log (36478, 2020-05-18)
requirements.txt (10, 2020-05-18)
run_all.bash (976, 2020-05-18)
run_detect_local.bash (4991, 2020-05-18)
test_project/ (0, 2020-05-18)
test_project/.DS_Store (6148, 2020-05-18)
test_project/MercurialToolbar/ (0, 2020-05-18)
test_project/MercurialToolbar/MercurialToolbar.vsix (57379, 2020-05-18)
test_project/OpenSSL/ (0, 2020-05-18)
test_project/OpenSSL/ca-key.pem (887, 2020-05-18)
test_project/OpenSSL/ca-req.pem (631, 2020-05-18)
test_project/OpenSSL/cert.pem (623, 2020-05-18)
test_project/OpenSSL/certs/ (0, 2020-05-18)
test_project/OpenSSL/certs/052eae11.0 (871, 2020-05-18)
test_project/OpenSSL/certs/18d46017.0 (1084, 2020-05-18)
test_project/OpenSSL/certs/1ef89214.0 (900, 2020-05-18)
test_project/OpenSSL/certs/24867d38.0 (2674, 2020-05-18)
test_project/OpenSSL/certs/2edf7016.0 (984, 2020-05-18)
test_project/OpenSSL/certs/3ecf89a3.0 (3240, 2020-05-18)
test_project/OpenSSL/certs/6bee6be3.0 (2945, 2020-05-18)
test_project/OpenSSL/certs/73912336.0 (2264, 2020-05-18)
test_project/OpenSSL/certs/7651b327.0 (989, 2020-05-18)
test_project/OpenSSL/certs/8c401b31.0 (753, 2020-05-18)
test_project/OpenSSL/certs/ICE-CA.pem (2945, 2020-05-18)
test_project/OpenSSL/certs/ICE-root.pem (2314, 2020-05-18)
test_project/OpenSSL/certs/ICE-user.pem (3240, 2020-05-18)
test_project/OpenSSL/certs/ICE.crl (471, 2020-05-18)
test_project/OpenSSL/certs/a99c5886.0 (1017, 2020-05-18)
test_project/OpenSSL/certs/adbec561.0 (2314, 2020-05-18)
test_project/OpenSSL/certs/b5f329fa.0 (989, 2020-05-18)
test_project/OpenSSL/certs/c33a80d4.0 (1155, 2020-05-18)
test_project/OpenSSL/certs/ddc328ff.0 (1127, 2020-05-18)
test_project/OpenSSL/certs/dsa-ca.pem (2264, 2020-05-18)
test_project/OpenSSL/certs/dsa-pca.pem (2674, 2020-05-18)
test_project/OpenSSL/certs/expired/ (0, 2020-05-18)
test_project/OpenSSL/certs/expired/ICE-CA.pem (2945, 2020-05-18)
test_project/OpenSSL/certs/expired/ICE-root.pem (2314, 2020-05-18)
... ...
# Managing Off-line Scans using Synopsys Black Duck
This project supplies a script which wraps Detect to show how to:
1. Generate scans off-line and store them
2. Create custom field data for the project-version that the scans will (later) be mapped to
3. Upload the scans (later) using the Black Duck REST API and the *blackduck* PyPI library
## References
- https://blackducksoftware.github.io/synopsys-detect/6.1.0/
- https://blackducksoftware.github.io/synopsys-detect/6.1.0/30-running/
## Setup
1. Download the (latest) detect jar and place it in the **detect_files** folder
2. Download the signature scanner cli for whichever Black Duck version you have and place it in the **detect_files** folder
3. Install whatever package manager tools are needed
   - This repository includes a set of test files in **test_project** that includes a sample maven and node/npm project
   - For Synopsys Detect to inspect the maven and node/npm project files you *must* install maven and npm
4. Install the Python3 requirements using the supplied requirements.txt file, e.g.
```bash
pip3 install -r requirements.txt
```
5. Create a .restconfig.json file to provide the *blackduck* PyPI library (installed in the previous step) with the information to connect with your Black Duck server. See https://github.com/blackducksoftware/hub-rest-api-python/blob/master/restconfig.json.api_token.example for a sample file.
### Downloading Synopsys Detect and the Signature Scanner CLI
One of the easiest ways to download both the Detect jar and the signature scanner is to run Synopsys Detect on-line with --detect.cleanup=false. Then:
1. Copy the detect jar from the /tmp folder
2. Copy the signature scanning CLI from ~/blackduck/tools/Black_Duck_Scan_Installation/scan.cli-version
When you have downloaded Synopsys Detect and the signature scanner cli, your *detect_files* folder should look something like this,
```
$ ls ~/detect_files/
scan.cli-2019.10.3/ scan.cli-2019.12.1/ scan.cli-2019.4.3/ scan.cli-2020.2.1/ scan.cli-2020.4.0/ synopsys-detect-6.2.1.jar
```
Note that in this instance signature scanner CLIs were downloaded for multiple versions of Black Duck:
- v2019.4.3
- v2019.10.3
- v2019.12.1
- v2020.4.0
Synopsys Detect v6.2.1 was downloaded and is shown above.
## Running the Script to Generate Off-line Scans
You need to edit and set the following parameters before running the script:
1. BD_VERSION if different from v2020.4.0
2. SCAN_CLI_VERSION if different from 2020.4.0 (note the 'v' is removed)
Once that is done you can run the script by doing,
```
./run_detect_local.bash
```
See the sample output in **detect.log** for what the above run should produce.
The scan files, a file containing custom field values, and a manifest are stored in a version-specific folder that the script creates for its output. It will look something like this,
```
$ ls v2020.4.0/
custom-field-values.json test_project_1_0_maven_bom.jsonld
gsnyder-mac-test_project-2020-05-15T193210.648Z.json test_project_1_0_npm_bom.jsonld
manifest.json
```
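A pre-flight check for the off-line run described above, as an added example that is not part of this repository's scripts: it strips the 'v' from BD_VERSION to find the scanner folder, confirms the jar and the matching scan.cli directory exist in detect_files, and only then assembles an off-line Detect command. The function names and the choice of Detect properties are assumptions; run_detect_local.bash may do this differently.

```shell
#!/usr/bin/env bash
# Added example, not from the repository. Assumed layout (see the listing
# above): detect_files/ holds scan.cli-<version>/ and synopsys-detect-*.jar.

# BD_VERSION has a leading 'v'; SCAN_CLI_VERSION is the same string without it.
scan_cli_version() {
    printf '%s\n' "${1#v}"
}

# Print the Detect jar that sorts last in glob order; fail if none exists.
find_detect_jar() {
    local dir="$1" f jar=""
    for f in "$dir"/synopsys-detect-*.jar; do
        if [ -f "$f" ]; then jar="$f"; fi
    done
    if [ -z "$jar" ]; then
        echo "no synopsys-detect-*.jar in $dir" >&2
        return 1
    fi
    printf '%s\n' "$jar"
}

# Print an off-line Detect command, one argument per line, but only after
# confirming the jar (else return 1) and the scanner for this Black Duck
# version (else return 2) are on disk.
offline_detect_args() {
    local bd_version="$1" detect_files="$2" source_dir="$3"
    local jar scanner
    scanner="$detect_files/scan.cli-$(scan_cli_version "$bd_version")"
    jar=$(find_detect_jar "$detect_files") || return 1
    if [ ! -d "$scanner" ]; then
        echo "no signature scanner for $bd_version (expected $scanner)" >&2
        return 2
    fi
    # Property choice is an assumption; run_detect_local.bash may differ.
    printf '%s\n' java -jar "$jar" \
        --blackduck.offline.mode=true \
        "--detect.blackduck.signature.scanner.local.path=$scanner" \
        "--detect.source.path=$source_dir" \
        "--detect.output.path=$bd_version"
}

# Usage: offline_detect_args v2020.4.0 "$HOME/detect_files" test_project
```

Failing before Detect starts matters on a machine with no network path to Black Duck, where a missing scanner version cannot be downloaded on demand.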
## Uploading Scan Files
A Python script is supplied for creating the Project Version custom fields on the Black Duck server. Run it once (or create the fields manually using the BD GUI), e.g.
```
python3 create_custom_fields.py
```
Then, to upload the scan files along with custom field values generated by the **run_detect_local.bash** script do,
```
python3 upload_scans.py v2020.4.0/manifest.json
```
If you want to upload the scans and map them to a different project and/or version do,
```
python3 upload_scans.py v2020.4.0/manifest.json -p new-project -v new-version
```
The Python script will modify the scan files and the custom field file on the fly to re-map all the data to the desired project and/or version.