You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: overview.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,26 +1,26 @@
1
1
## Overview ##
2
2
3
-
The Black Duck plugin for TFS and Azure DevOps allows automatic detection of open source security vulnerabilities during your application build process. The integration allows you to enforce policies configured in Black Duck to receive alerts and fail builds when policy violations are met.
3
+
The Black Duck plugin for TFS and Azure DevOps allows automatic identification of open source security vulnerabilities during your application build process. The integration allows you to enforce policies configured in Black Duck to receive alerts and fail builds when policy violations are met.
4
4
5
5
## What is Black Duck? ##
6
6
7
-
[Black Duck by Synopsys](https://www.blackducksoftware.com/) helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck is powered by the world’s largest open source KnowledgeBase™, with information on 2 million open source projects and 79,000+ known security vulnerabilities. The KnowledgeBase™, combined with the broadest support for platforms, languages and integrations, is why 2,000 organizations worldwide rely on Black Duck to secure and manage open source.
7
+
[Black Duck by Synopsys](https://www.blackducksoftware.com/) helps organizations identify and manage open source security, license compliance and operational risks across applications and containers. Black Duck is powered by the world’s largest open source KnowledgeBase™, which containins information from over 13,000 unique sources, includes support for over 80 programming languages, provides timely and enhanced vulnerability information, and is backed by a dedicated team of open source and security experts. The KnowledgeBase™, combined with the broadest support for platforms, languages and integrations, is why 2,000 organizations worldwide rely on Black Duck to secure and manage open source.
8
8
9
9
## Key Features ##
10
10
11
-
Open Source Discovery: Rapid scanning and identification of open source libraries, versions, license, and community activity powered by the Black Duck® KnowledgeBase™ – the industry’s most complete with detailed data on more than 2 million open source projects and 79,000+ known open source vulnerabilities.
11
+
Open Source Discovery: Rapid scanning and identification of open source libraries, versions, license, and community activity powered by the Black Duck® KnowledgeBase™.
12
12
13
13
14
14
15
-
Identify Open Source Risk: Create an inventory of all open source components in use and map them to known security vulnerabilities, giving you insight to the severity of the vulnerability.
15
+
Identify Open Source Risk: Create an inventory of all open source components in use which automatically maps them to known security vulnerabilities, giving you insight to the severity of the vulnerability.
16
16
17
17
18
18
19
19
Policy Enforcement: Leverage policy management to secure your code and manage your external and internal compliance mandates.
20
20
21
21
22
22
23
-
Risk Remediation: Make data-driven decisions around vulnerability remediation prioritization. See CVSS 2.0/3.0 scores as well as our own BDSA assessments and remediation guidance to quickly bring your projects back to compliance.
23
+
Risk Remediation: Make data-driven decisions around vulnerability remediation prioritization, powered by Black Duck Security Advisories (BDSA). BDSA provides enahnced security vulnerability data including possible fixes, workarounds, more technical data, exploit information, and accurate CVSS and CWE classifications all within 24 to 48 hours of a vulnerability being published.
24
24
25
25
26
26
@@ -38,18 +38,18 @@ Using other tools in your CI/CD pipeline such as Jenkins, Artifactory, and other
38
38
39
39
## Documentation ##
40
40
41
-
Instructions and examples for the TFS/Azure DevOps Extension are available on our [Public Confluence](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622655/Running+Hub+Detect+with+TFS+or+Azure+DevOps)
41
+
Instructions and examples for the TFS or Azure DevOps Extension are available on our [Public Confluence](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622655/Running+Hub+Detect+with+TFS+or+Azure+DevOps)
42
42
43
43
For information on the full capabilities of Detect visit [Black Duck Detect Docs](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622633/Hub+Detect)
44
44
45
45
## Pre-Requisites ##
46
46
47
-
Before calling Detect in TFS/Azure DevOps, an active instance of Black Duck is required.
47
+
Before calling Detect in TFS or Azure DevOps, an active instance of Black Duck is required.
48
48
49
49
If you do not have Black Duck, refer to [Black Duck on the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/black-duck-software.blackduck_hub_431) for more information.
50
50
51
51
Follow the steps to [Deploy Black Duck on Azure](https://synopsys.atlassian.net/wiki/spaces/PARTNERS/pages/7471182/Installing+Black+Duck+in+Azure+Using+the+Azure+Marketplace) for more information on deploying from the Azure Marketplace.
52
52
53
53
## Want to contribute? ##
54
54
55
-
Running into an issue? Want to contribute? All code for this extension is [available on Github](https://github.com/blackducksoftware/detect-for-tfs).
55
+
Running into an issue? Want to contribute? All code for this extension is [available on Github](https://github.com/blackducksoftware/detect-for-tfs).
0 commit comments