Customer Driven Features Live in Black Duck Hub 4.4 Release


How can you not love customer feedback when it helps you improve your product? At Black Duck Flight, I had the opportunity to speak with a lot of customers and to have detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck Hub with new features that enhance both security and license compliance management.


Hub 4.4 helps you identify the component versions that have encryption algorithms. You can filter components by those known to contain encryption. Those components are listed with a new Cryptography icon on the bill of materials (BOM).

Note: While components added manually to existing BOMs now display cryptography information, legacy BOMs may require a rescan for cryptography data to display. In addition, this feature is an add-on module available for purchase. For internal servers, you need to update your registration key in order to use this feature.


REST APIs Authentication Through an API Key

The Hub allows you to generate one or more “tokens” for accessing the Hub APIs. These tokens can replace username/password credentials in integration configurations, such as Jenkins, or in the Scan Client command line interface (CLI). With access tokens, if a security breach occurs, user credentials (possibly Single sign-on (SSO) or Lightweight Directory Access Protocol (LDAP) credentials) are not directly compromised.

New Scan Service

To improve scalability and user interface (UI) performance, the Hub now leverages a new scan service. This service can be scaled up (like Job Runners) per customer needs and frees the web application from processing data from incoming scans.

Feature Improvements

In addition, we implemented some improvements to various features, including:

  • Improved license management, with the ability to edit KnowledgeBase licenses (including license family).
  • Enhanced user management capabilities, allowing group synchronization from identity providers (IdP) via Security Assertion Markup Language (SAML). This allows us to automatically create user groups and assign the users to those groups.
  • In the Hub Scanner, dependency detection is now an optional parameter. If you want to scan via the CLI and look for dependencies, you need to pass in the “--dependencyScan” option.

Note: Hub Detect is still the recommended best practice for scanning. 
