A Sneak Peek into the Black Duck Hub Plugin for Eclipse

The Black Duck Hub team is in the process of shipping a Hub plugin to support visibility into the open source contents of your Eclipse workspace. This plugin makes it easier for developers to look at components and sub-components, including declared & transitive dependencies in the context of open source risk before they get packaged up with an application.

What Are We Trying to Solve?

If you are a Java developer using Eclipse, you will be able to look up component security metadata whenever you pull in open source components (from Maven Central, etc.), and review that security information to take remediation steps before checking in the code.

This solution makes the Black Duck scan available earlier, so security gaps in the code can be discovered much earlier in the development process. The Hub scanner uses a faster, more responsive scanning approach than the regular iScan to look up security vulnerabilities. Hal Hearst discusses this in more detail in this blog post. The core idea is to employ multiple scan techniques that capture numerous pieces of evidence, so you can corroborate your results from a wide gamut of sources. The Eclipse solution leverages one of those techniques. Here's a sneak peek into what you can expect once the plugin is released on GitHub.

STEP 1: Configuring the Hub System

You start with a small config menu to set up a connection with your Black Duck Hub instance after downloading the plugin from GitHub.

Configuring your Hub system with Eclipse

Set your Hub system preferences

STEP 2: View Vulnerability Information

Once set up, you can view vulnerability information in the Black Duck vulnerability view for the components used in your Eclipse project. (For example, the declared dependencies listed in your pom.xml, along with the transitive dependencies pulled in during compilation, will be captured here.)

Vulnerability information for components in Eclipse

Dependencies called during compilation

Isn’t that exciting? The plugin will be open sourced and available for download at the end of this month! Now that’s what I call Christmas! :-) 

If you haven’t already, try the Black Duck Hub today to help you better manage the use of open source software in your application.  

Want to contribute to this project with new features and/or use cases? Visit here to talk directly with our Product team.
