Prepare pre-integration tasks for Vulnerability Response Integration with Black Duck

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Plan and execute the pre-integration tasks for the Vulnerability Response Integration with Black Duck so that your integration is successful. The Vulnerability Response Integration with Black Duck assumes that you’re familiar with the Black Duck Software Composition Analysis (SCA) application and APIs.

    Before you begin

    Before you install and configure the Vulnerability Response Integration with Black Duck, you should run and install the Common Weakness Enumeration (CWE) integration, which is also used by Application Vulnerability Response. The CWE integration is installed with Vulnerability Response by default.
    Note:
    Although the NIST Vulnerability Database (NVD) data isn’t necessary to install the Black Duck Application Vulnerability Integration, it would be useful to have. For information on NVD, see Importing data with the NVD and CWE integrations and managing third-party libraries.

    Each integration record has a configured run-as user. The default value for this user is VR.System. Don’t change this value.

    Role required: App-Sec Manager group

    About this task

    Note:
    Before running the integration, make any necessary configuration changes that are based on your requirements.

    Validate your instance sizing by the number of application vulnerable items that you expect to import. An undersized instance can lead to long load times. If you don’t know the size of your instance, contact Customer Service and Support.

    The Vulnerability Response Integration with Black Duck requires an API URL and API token.

    Procedure

    Create the API token and key credentials.
    1. Log in to the Black Duck platform.
    2. Go to the user account menu and select API Credentials.
    3. Select Generate API Credentials.
    4. Record your credentials for later use.