{"id":25506501,"url":"https://github.com/blackducksoftware/hub","last_synced_at":"2025-12-11T23:10:08.521Z","repository":{"id":19503990,"uuid":"87190769","full_name":"blackducksoftware/hub","owner":"blackducksoftware","description":"Black Duck Docker Orchestration Files/Documentation","archived":false,"fork":false,"pushed_at":"2025-03-06T19:02:05.000Z","size":360087,"stargazers_count":122,"open_issues_count":19,"forks_count":93,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-03-28T17:06:08.111Z","etag":null,"topics":["blackducksoftware","docker","hub"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/blackducksoftware/","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackducksoftware.png","metadata":{"files":{"readme":"README.containers.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-04T13:35:34.000Z","updated_at":"2025-03-06T19:02:08.000Z","dependencies_parsed_at":"2024-03-12T18:50:28.158Z","dependency_job_id":"b2dfd7b8-a7e6-42d8-83c7-783f5676f1c6","html_url":"https://github.com/blackducksoftware/hub","commit_stats":null,"previous_names":[],"tags_count":137,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fhub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fhub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fhub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fhub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackducksoftware","download_url":"https://codeload.github.com/blackducksoftware/hub/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247226213,"owners_count":20904465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackducksoftware","docker","hub"],"created_at":"2025-02-19T06:58:00.347Z","updated_at":"2025-12-11T23:10:08.507Z","avatar_url":"https://github.com/blackducksoftware.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Containers\n----\n\nThere are a number of containers that make up the application. Here are quick descriptions for them.\n\n1. [Authentication Container (blackduck-authentication)](#-authentication-container-blackduck-authentication)\n2. [BOM Engine Container (blackduck-bomengine)](#-bom-engine-container-blackduck-bomengine)\n3. [Binary Analysis Worker Container (bdba-worker)](#-binary-analysis-worker-container-bdba-worker)\n4. [CA Container (blackduck-cfssl)](#-ca--container-blackduck-cfssl)\n5. [Documentation Container (blackduck-documentation)](#-documentation-container-blackduck-documentation)\n6. [Integration Container (blackduck-integration)](#-integration-container-artifactory-integration)\n7. [Job Runner Container (blackduck-jobrunner)](#-job-runner-container-blackduck-jobrunner)\n7. [LogStash Container (blackduck-logstash)](#-logstash--container-blackduck-logstash)\n9. [RabbitMQ Container (rabbitmq)](#-rabbitmq-container-rabbitmq)\n10. [Registration Container (blackduck-registration)](#-registration-container-blackduck-registration)\n11. [ScanMatch Container (blackduck-scan)](#-scanmatch-container-blackduck-scanmatch)\n12. [Storage Container (blackduck-storage)](#-storage-container-blackduck-storage)\n13. [Web App Container (blackduck-webapp)](#-web-app-container-blackduck-webapp)\n14. [Web Server Container (blackduck-nginx)](#-web-server-container-blackduck-nginx)\n\n# Web App Container (blackduck-webapp)\n----\n\n## Container Description\n\nThe web application is the container that all Web/UI/API requests are made against. It will also process any UI requests. The ports for the Web App are not\nexposed outside of the Docker\nnetwork. There is an NGiNX reverse proxy (mentioned below) will be be exposed outside of the Docker network instead.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* postgres\n* registration\n* logstash\n* cfssl\n\nThe container will need to expose port 8443 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that it is useful to have host names set for these containers that are not the default that Docker\nCompose or Docker Swarm use. These environment variables can be set to override the default host names:\n\n* postgres - $HUB_POSTGRES_HOST\n* registration - $HUB_REGISTRATION_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 8080. If the container is started as UID 0 (root) then the user will be switched to UID 8080:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n# Authentication Container (blackduck-authentication)\n----\n\n## Container Description\n\nThe authentication service is the container that all authentication-related requests are made against.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services\n\n* postgres\n* cfssl\n* logstash\n* registration\n* webapp\n\nThe container will need to expose 8443 to other containers that will links to it.\n\n## Alternate Host Name Environment Variables\n\n* postgres - $HUB_POSTGRES_HOST\n* cfssl - $HUB_CFSSL_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* registration - $HUB_REGISTRATION_HOST\n* webapp - $HUB_WEBAPP_HOST\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n# BOM Engine Container (blackduck-bomengine)\n----\n\n## Container Description\n\nThe BOM engine service is responsible for building BOMs and keeping them up-to-date.\n\n## Scalability\n\nThis container can be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services\n\n* postgres\n* cfssl\n* logstash\n* registration\n\nThe container will need to expose 8443 to other containers that will links to it.\n\n## Alternate Host Name Environment Variables\n\n* postgres - $HUB_POSTGRES_HOST\n* cfssl - $HUB_CFSSL_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* registration - $HUB_REGISTRATION_HOST\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# ScanMatch Container (blackduck-scanmatch)\n----\n\n## Container Description\n\nThe scanmatch service is the container that all scan data requests are made against.\nIt is also responsible for making calls to the Knowlegde Base in the cloud and gather the components information.\n\n## Scalability\n\nThis container can be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* cfssl\n* logstash\n* postgres\n* registration\n\nThis container will need to expose port 8443 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that it is useful to have host names set for these containers that are not the default that Docker\nCompose or Docker Swarm use. These environment variables can be set to override the default host names:\n\n* postgres - $HUB_POSTGRES_HOST\n* registration - $HUB_REGISTRATION_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 8080. If the container is started as UID 0 (root) then the user will be switched to UID 8080:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n# Storage Container (blackduck-storage)\n----\n\n## Container Description\n\nThe object storage service stores tools (files) for use by Detect,\ngenerated reports, uploaded SBOMs, BDIO files, and other bulk data.\nIf the Black Duck Binary Analysis feature is enabled uploaded binary\nfiles are stored here temporarily. If the source view feature is\nenabled source files are stored here.\n\n## Scalability\n\nThis container can be scaled, but if using a File storage provider all replicas must share the same persistent volume.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* registration\n* logstash\n* cfssl\n* rabbitmq\n\nThis container will need to expose port 8443 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that it is useful to have host names set for these containers that are not the default that Docker\nCompose or Docker Swarm use. These environment variables can be set to override the default host names:\n\n* registration - $HUB_REGISTRATION_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n* rabbitmq - $RABBIT_MQ_HOST\n\n## Other configurable environment variables\n\n* Default disk size for source files: 4GB ($MAX_TOTAL_SOURCE_SIZE_MB)\n* Default Data Retention Days: 180 ($DATA_RETENTION_IN_DAYS)\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n# Job Runner Container (blackduck-jobrunner)\n----\n\n## Container Description\n\nThe Job Runners will be the containers that are responsible for all of the application's job running. This includes matching, bom building, reports, data\nupdates, etc. This container will not have any exposed ports.\n\n## Scalability\n\nThis container can be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* postgres\n* registration\n* logstash\n* cfssl\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example:\n\n- You may have an external postgres endpoint which is resolved through a different service name.\n\nTo support any such use case, these environment variables can be set to override the default service names:\n\n* postgres - $HUB_POSTGRES_HOST\n* registration - $HUB_REGISTRATION_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# Registration Container (blackduck-registration)\n----\n\n## Container Description\n\nThe container is a small service that will handle registration requests from the other containers. At periodic intervals this container will connect to the\nBlack Duck Registration Service and obtain registration updates.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* logstash\n* cfssl\n\nThe container will need to expose port 8443 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that it is useful to have host names set for these containers that are not the default that Docker\nCompose or Docker Swarm use. These environment variables can be set to override the default host names:\n\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 8080. If the container is started as UID 0 (root) then the user will be switched to UID 8080:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n## DB Container (blackduck-postgres)\n----\n\n### Container Description\n\nThe DB container will hold the PostgreSQL database. At this point there will be a single instance of this container. This is where all of the application data\nwill be stored. There will likely be two sets of ports for Postgres. One port will be exposed to containers within the Docker network. This is the connection\nthat the application will use. This port will be secured via certificate authentication. There will be a second port that will be exposed outside of the Docker\nnetwork. This will allow a read-only user to connect via a password set externally. This port and user can be used for reporting and data extraction.\n\n### Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n### Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* cfssl\n* logstash\n\nThe container will need to expose port 5432 to other containers that will link to it.\n\n### Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example:\n\n- You may have an external logstash endpoint for your log sink.\n\nIn this case, these environment variables can be used to replace service names.\n\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 1001 by default. If the container is started as UID 0 (root) then the user will be switched to UID 1001:root before executing its\nmain process.\n\n\n## DB Upgrade Container (blackduck-postgres-upgrader)\n----\n\n### Container Description\n\nThe DB Upgrade container is a transient container that performs database version upgrades (e.g., from PostgreSQL 9.6.x to PostgreSQL 11.x) when necessary, then\nexits.\n\n### Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n### Links/Ports\n\nThis container does not connect to any other containers/services.\n\n## Users/Groups\n\nThis container runs as UID 0 by default. If upgrading Black Duck from a version prior to 2022.2.0, the container must be run with a UID having permission to\nrestructure the PostgreSQL data volume and change its ownership from UID 70 to UID 1001.\n\n\n## DB Readiness Check Container (blackduck-postgres-waiter)\n----\nThis container is only deployed in Kubernetes environments.\n\n### Container Description\n\nThe DB Readiness Check container is an init container in each of the Kubernetes pods that make database access. It is part of each pod where database access is\nneeded, and it merely waits until the PostgreSQL server is ready to accept connections.\n\n### Scalability\n\nThis container is an init container and is therefore not explicitly scaled.\n\n### Links/Ports\n\nThis container needs to connect to the PostgreSQL database server.\n\n## Users/Groups\n\nThis container runs as UID 1001 by default. Do not run it as root.\n\n\n# Documentation Container (blackduck-documentation)\n----\n\n## Container Description\n\nThe Documentation container will serve documentation for the application.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* logstash\n* cfssl\n\nThe container will need to expose port 8443 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that it is useful to have host names set for these containers that are not the default that Docker\nCompose or Docker Swarm use. These environment variables can be set to override the default host names:\n\n* logstash - $HUB_LOGSTASH_HOST\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 8080. If the container is started as UID 0 (root) then the user will be switched to UID 8080:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# Web Server Container (blackduck-nginx)\n----\n\n## Container Description\n\nThe NGiNX container will be a reverse proxy for containers within the application. It will have ports exposed outside of the Docker network. This is the\ncontainer that will be configured for HTTPS. There will be config volumes here to allow the configuration of HTTPS.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* cfssl\n* webapp\n* documentation\n* scan\n* authentication\n* storage\n\nThis container should expose port 443 outside of the docker network.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example:\n\n- You may have an external cfssl endpoint.\n\n* webapp - $HUB_WEBAPP_HOST\n* authentication - $HUB_AUTHENTICATION_HOST\n* scanmatch - $HUB_SCANMATCH_HOST\n* cfssl - $HUB_CFSSL_HOST\n* documentation - $HUB_DOC_HOST\n* storage - $BLACKDUCK_STORAGE_HOST\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n* logstash\n\nThe container will need to expose port 2181 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example, You may have an external logstash\nendpoint which is resolved through a different service name.\n\nTo support any such use case, these environment variables can be set to override the default service names:\n\n* logstash - $HUB_LOGSTASH_HOST\n\n## Users/Groups\n\nThis container runs as UID 1000. If the container is started as UID 0 (root) then the user will be switched to UID 1000:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# LogStash  Container (blackduck-logstash)\n----\n\n## Container Description\n\nThe LogStash container will collect and store logs for all of the containers.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThe container will need to expose port 5044 to other containers/services that will link to it.\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# CA  Container (blackduck-cfssl)\n----\n\n## Container Description\n\nThe CA container is currently using cfssl. This is used for certificate generation for postges, nginx, and clients that need to authenticate to postgres.\nThis container is also used to generate tls certificates for the internal containers that make up the application.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThe container will need to expose port 8888 to other containers/services that will link to it.\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n# RabbitMQ Container (rabbitmq)\n----\n\n## Container Description\n\nThis container will be used to facilitate upload information to the binary analysis worker as well as to transfer data between containers of the Blackduck\nsystem during rapid scanning and full scanning modes. It will expose ports within the Docker network, but not outside the Docker network.\nThis container will be running by default.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* cfssl\n* scanmatch\n* bomengine\n* bdba-worker\n\nThe container will need to expose port 5671 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example, You may have an external logstash\nendpoint which is resolved through a different service name.\n\nTo support any such use case, these environment variables can be set to override the default service names:\n\n* cfssl - $HUB_CFSSL_HOST\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n# Binary Analysis Worker Container (bdba-worker)\n----\n\n## Container Description\n\nThis container will analyze binary files.\nThis container is currently only used if Binary Analysis is enabled.\n\n## Scalability\n\nThis container can be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* cfssl\n* logstash\n* rabbitmq\n* webserver\n\nThe container will need to expose port 5671 to other containers that will link to it.\n\n## Alternate Host Name Environment Variables\n\nThere are times when running in other types of orchestrations that any individual service name may be different. For example, You may have an external logstash\nendpoint which is resolved through a different service name.\n\nTo support any such use case, these environment variables can be set to override the default service names:\n\n* cfssl - $HUB_CFSSL_HOST\n* logstash - $HUB_LOGSTASH_HOST\n* rabbitmq - $RABBIT_MQ_HOST\n* webserver - $HUB_WEBSERVER_HOST\n\n## Users/Groups\n\nThis container runs as UID 0.\n\n# Integration Container\n----\n\n## Container Description\n\nThis container is only deployed in Kubernetes environments. This container is required for the Artifactory Integration feature and is unused otherwise.\n\n## Scalability\n\nThere should only be a single instance of this container. It currently cannot be scaled.\n\n## Links/Ports\n\nThis container will need to connect to these other containers/services:\n\n* logstash\n* cfssl\n* scan\n* bomengine\n* rabbitmq\n\nThis container will need to expose port 8443 to other containers that will link to it.\n\n## Users/Groups\n\nThis container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.\nThis container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fhub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackducksoftware%2Fhub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fhub/lists"}