Integrate Black Duck with Vulnetix. Use Synopsys Detect CLI to scan projects and export CycloneDX or SPDX SBOMs from the Black Duck platform for upload to Vulnetix.
SaaS platform | CycloneDX | SPDX
Run Black Duck in CI
Scan on every push and upload the results to Vulnetix:
- name: Run Black Duck Detect
  uses: blackduck-inc/black-duck-security-scan@v2
  with:
    url: ${{ secrets.BLACKDUCK_URL }}
    api_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
    github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SBOM to Vulnetix
  run: vulnetix upload --file blackduck-bom.cdx.json
  env:
    VULNETIX_API_KEY: ${{ secrets.VULNETIX_API_KEY }}
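A pre-upload sanity check for the exported file, as an added example (not part of the Black Duck or Vulnetix tooling): it detects whether the JSON is CycloneDX or SPDX and fails when the SBOM is empty or too many components lack a package URL, since those are hard to match to vulnerability records. The function names, the 20% threshold and the sample documents are assumptions constructed for illustration.

```python
import json
import sys

def summarize_sbom(doc):
    """Return (format, component_count, names_without_purl) for a parsed SBOM."""
    if doc.get("bomFormat") == "CycloneDX":
        fmt = "CycloneDX " + str(doc.get("specVersion", "?"))
        # Top-level components only; nested components are not walked here.
        items = [(c.get("name", "?"), c.get("purl")) for c in doc.get("components", [])]
    elif str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        fmt = doc["spdxVersion"]
        items = []
        for pkg in doc.get("packages", []):
            # SPDX carries the purl as an external reference of type "purl".
            purl = next((r.get("referenceLocator") for r in pkg.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            items.append((pkg.get("name", "?"), purl))
    else:
        raise ValueError("not a CycloneDX or SPDX JSON document")
    return fmt, len(items), [name for name, purl in items if not purl]

def check_sbom(doc, max_missing_ratio=0.2):
    """Return (ok, message); the 20% default is an assumed threshold."""
    fmt, total, missing = summarize_sbom(doc)
    if total == 0:
        return False, f"{fmt}: no components, refusing to upload an empty SBOM"
    if len(missing) / total > max_missing_ratio:
        return False, f"{fmt}: {len(missing)}/{total} components lack a purl: {missing}"
    return True, f"{fmt}: {total} components, {len(missing)} without a purl"

# Constructed sample documents (not real Black Duck output).
SAMPLE_CDX = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"name": "internal-lib", "version": "0.1.0"}]}
SAMPLE_SPDX = {"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "requests", "versionInfo": "2.31.0", "externalRefs": [
        {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
         "referenceLocator": "pkg:pypi/requests@2.31.0"}]}]}

if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. blackduck-bom.cdx.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            docs = [json.load(fh)]
    else:
        docs = [SAMPLE_CDX, SAMPLE_SPDX]
    results = [check_sbom(d) for d in docs]
    for ok, msg in results:
        print("OK  " if ok else "FAIL", msg)
    sys.exit(0 if all(ok for ok, _ in results) else 1)
```

Run as a step between the scan and the upload with the SBOM path as the only argument; a non-zero exit stops the job before the upload step.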
Centralise Black Duck results in Vulnetix
Upload Black Duck CycloneDX or SPDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.