If you use Synopsys Black Duck® as your SCA tool, you can easily integrate it with Deepfactor.
Once integrated, Deepfactor will retrieve vulnerabilities for the observed dependencies using Black Duck® APIs.
Please follow the below steps to integrate Deepfactor with Black Duck.
1. Login to your Synopsys Black Duck® server. Click on the ‘System’ dropdown and navigate to the ‘My Access Tokens’ page.
2. Click on ‘Create a New Token.’ Please provide a name and description and check ‘Read Access.’ Copy the generated access token.
3. Login to your Deepfactor portal. Navigate to ‘Integrations’ from the top header menu.
4. Navigate to ‘Software Composition Analysis’ from the left sidebar menu.
5. Click on ‘Configure Blackduck’ and enter your Black Duck server URL and API Token.
6. Click ‘Save.’
After successful integration, Deepfactor will retrieve vulnerabilities from Black Duck for future instances launched with Deepfactor. Existing alerts for previous instances of your components will continue to show vulnerabilities retrieved from NVD.