Overview
Black Duck SCA gives you visibility into and control over open source risks within your applications and containers. Black Duck SCA allows you to scan applications and container images, identify all open source components, and detect any open source security vulnerabilities, compliance issues, or code-quality risks. By deploying Black Duck SCA on AWS and integrating it with the development tools you use in AWS, you can scan your cloud applications and images in your container registry, automate build scans in your CI pipeline, and stay notified on any security vulnerabilities or policy violations found in your open source code.
Highlights
- Scan code in your applications and containers to find open source related vulnerabilities in your codebase using the industry's most complete open source software KnowledgeBase for meta data on vulnerabilities and licensing.
- Ongoing monitoring and alerting on newly reported open source security vulnerabilities associated with open source in use.
- Set policies for open source projects, license types, and vulnerability tolerance. Quickly identify policy violations and manage exceptions by project and component.
Details
Pricing
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
This is a BYOL AMI. Please see Licensing Terms.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Release Notes can be found in the help section of the Black Duck application.
Additional details
Usage instructions
The default administrator username is sysadmin.
The application typically takes about 5 minutes to start up completely, due to the Docker containers needing to initialize. The randomly generated password for the sysadmin user is stored on the EC2 Instance after creation. Connect to the instance via SSH, first, and navigate to /home/centos/hub.pwd. This file will contain the password. It is highly recommended that you change your sysadmin password upon login (After logging in and registering the software, in the upper right, click the sysadmin user name, and select "My Profile", there will be a configuration for "Change Password" near the center of the screen).
Access the application via a browser at https://<public_dns>.
This product generates and uses a Self-Signed Certificate. Documentation for how to configure custom certificates can be found in the README file enclosed in the instance, or in the Black Duck documentation. You will be prompted for your registration license key upon your first login. Use the registration key and credentials that were provided after registration.
To obtain a license please fill out the following form https://www.blackducksoftware.com/black-duck-hub-demo or contact Black Duck Sales at 1.781.891.5100
For more details, including how to SSH into the environment, please see the full documentation for the BlackDuck Hub AMI: https://synopsys.atlassian.net/wiki/spaces/PARTNERS/pages/7471220/Deploying+a+Black+Duck+AMI+on+AWS
Resources
Support
Vendor support
Contact us with any issues you may encounter.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.