Skip to main content

How to integrate Black Duck account?

Overview

To authenticate with Black Duck SCA, you will need the following information:

  • Black Duck Server URL (your instance URL)
  • API Token (Bearer token)

Step 1: Login to Black Duck Console

  1. Sign in to your Black Duck instance at https://<your-instance>/
    • On-premise: https://<server-name>:<port>/
    • SaaS: https://<organization>.blackduck.com/
  2. Ensure you have System Administrator, Project Creator, or appropriate role with API access

Step 2: Navigate to User Settings

  1. Click on your username in the top-right corner
  2. Select My Access Tokens from the dropdown menu
    • Or navigate to: SettingsMy ProfileMy Access Tokens

Step 3: Generate API Token

  1. Click Create New Token or Add Token

  2. Fill in the token details:

    Token Configuration:

    • Name: Enter a descriptive name (e.g., "Unizo Integration")
    • Description: Add details about the integration purpose
    • Scope: Select the appropriate permissions

  3. Select Token Scope/Permissions:

    Available Scopes:

    • read: Read-only access to projects and vulnerabilities
    • write: Create and modify projects, policies
    • delete: Delete projects and data
    • admin: Administrative operations

    Recommended for Vulnerability Management:

    • Minimum: read scope for vulnerability scanning
    • Full integration: read + write scopes

  4. Set Token Expiration:

    • Select expiration period (90 days, 180 days, 1 year)
    • Or choose Never Expires (not recommended for production)

  5. Click Create or Generate

Step 4: Copy API Token

After creation, Black Duck will display your API token:

  1. Copy the API token immediately - it's displayed only once
  2. The token will be a long alphanumeric string (JWT format)
  3. Store it securely in a secrets manager

Important:

  • The token is shown only once
  • If lost, you must generate a new token
  • Keep the token confidential

Step 5: Collect Required Values

You now have all credentials needed for integration:

  1. Server URL: Your Black Duck instance URL
    • Format: https://<your-instance>.blackduck.com
    • Or for on-premise: https://<server>:<port>
  2. API Token: The bearer token from Step 4