{"id":25506601,"url":"https://github.com/blackducksoftware/bd-offline-scanning-solution","last_synced_at":"2025-11-17T10:30:16.651Z","repository":{"id":41939583,"uuid":"264976511","full_name":"blackducksoftware/bd-offline-scanning-solution","owner":"blackducksoftware","description":"An example of generating Synopsys Detect scans off-line and then uploading them programmatically using the REST API","archived":false,"fork":false,"pushed_at":"2022-12-12T19:54:43.000Z","size":3778,"stargazers_count":1,"open_issues_count":6,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2023-03-11T10:28:37.031Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackducksoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-18T15:10:23.000Z","updated_at":"2022-09-05T10:00:31.000Z","dependencies_parsed_at":"2023-01-28T00:31:00.847Z","dependency_job_id":null,"html_url":"https://github.com/blackducksoftware/bd-offline-scanning-solution","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fbd-offline-scanning-solution","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fbd-offline-scanning-solution/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fbd-offline-scanning-solution/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fbd-offline-s
canning-solution/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackducksoftware","download_url":"https://codeload.github.com/blackducksoftware/bd-offline-scanning-solution/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239612001,"owners_count":19668275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-19T06:58:48.765Z","updated_at":"2025-11-17T10:30:16.563Z","avatar_url":"https://github.com/blackducksoftware.png","language":"C","readme":"# Managing Off-line Scans using Synopsys Black Duck\n\nThis project supplies a script which wraps Detect to show how to:\n\n1. Generate scans off-line and store them\n2. Create custom field data for the project-version that the scans will (later) be mapped to\n3. Upload the scans (later) using the Black Duck REST API and the *blackduck* PyPI library\n\n## References\n\n- https://blackducksoftware.github.io/synopsys-detect/6.1.0/\n- https://blackducksoftware.github.io/synopsys-detect/6.1.0/30-running/\n\n## Setup\n\n1. Download the (latest) Detect jar and place it in the **detect_files** folder\n\n2. Download the signature scanner CLI for whichever Black Duck version you have and place it in the **detect_files** folder\n\n3. Install whatever package manager tools are needed\n   - This repository includes a set of test files in **test_project** that includes a sample maven and node/npm project\n   - For Synopsys Detect to inspect the maven and node/npm project files you *must* install maven and npm\n   \n4. 
Install the Python3 requirements using the supplied requirements.txt file, e.g. \n\n   ```bash\n   pip3 install -r requirements.txt\n   ```\n5. Create a .restconfig.json file to provide the *blackduck* PyPI library (installed in the previous step) with the information needed to connect to your Black Duck server. See https://github.com/blackducksoftware/hub-rest-api-python/blob/master/restconfig.json.api_token.example for a sample file.\n\n### Downloading Synopsys Detect and the Signature Scanner CLI\n\nOne of the easiest ways to download both the Detect jar and the signature scanner is to run Synopsys Detect on-line with --detect.cleanup=false. Then:\n\n1. Copy the Detect jar from the /tmp folder\n2. Copy the signature scanning CLI from ~/blackduck/tools/Black_Duck_Scan_Installation/scan.cli-version\n\nWhen you have downloaded Synopsys Detect and the signature scanner CLI, your *detect_files* folder should look something like this:\n\n```\n$ ls ~/detect_files/\nscan.cli-2019.10.3/        scan.cli-2019.12.1/        scan.cli-2019.4.3/         scan.cli-2020.2.1/         scan.cli-2020.4.0/         synopsys-detect-6.2.1.jar\n```\n\nNote that in this instance signature scanner CLIs were downloaded for multiple versions of Black Duck:\n\n- v2019.4.3\n- v2019.10.3\n- v2019.12.1\n- v2020.4.0\n\nSynopsys Detect v6.2.1 was downloaded and is shown above.\n\n## Running the Script to Generate Off-line Scans\n\nYou need to edit and set the following parameters before running the script:\n\n1. BD_VERSION if different from v2020.4.0\n2. SCAN_CLI_VERSION if different from 2020.4.0 (note the 'v' is removed)\n\nOnce that is done, you can run the script with:\n\n```\n./run_detect_local.bash\n```\n\nSee the sample output in **detect.log** from the above to see what you should get.\n\nThe scan files, a file containing custom field values, and a manifest will be stored in a version-specific folder that is created for the output files. 
It will look something like this:\n\n```\n$ ls v2020.4.0/\ncustom-field-values.json                              test_project_1_0_maven_bom.jsonld\ngsnyder-mac-test_project-2020-05-15T193210.648Z.json  test_project_1_0_npm_bom.jsonld\nmanifest.json\n```\n\n\n\n## Uploading Scan Files \n\nA Python script is supplied for creating the Project Version custom fields on the Black Duck server. It should be run one time (or just create the fields manually using the BD GUI), e.g.\n\n```\npython3 create_custom_fields.py\n```\n\nThen, to upload the scan files along with the custom field values generated by the **run_detect_local.bash** script, run:\n\n```\npython3 upload_scans.py v2020.4.0/manifest.json\n```\n\nIf you want to upload the scans and map them to a different project and/or version, run:\n\n```\npython3 upload_scans.py v2020.4.0/manifest.json -p new-project -v new-version\n```\n\nThe Python script will modify the scan files and the custom field file on-the-fly to re-map all the data to the desired project and/or version.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fbd-offline-scanning-solution","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackducksoftware%2Fbd-offline-scanning-solution","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fbd-offline-scanning-solution/lists"}