Software development teams have embraced open source and DevOps as key ingredients for speeding the delivery of new functionality to the market. Likewise, build automation capabilities like continuous integration (CI) tools and package managers go hand-in-hand to deliver better software faster. As Black Duck Hub helps organizations identify and manage the use of open source software, we’ve proudly announced support for the most common build automation tools over the past few years — build tools like Maven and Gradle; package managers like npm, rubygems, CocoaPods and NuGet 2/3/4 and CI tools like Jenkins and Bamboo. But as the number of tools has multiplied, and as ease of configuration and integration have become increasingly important to our customers, we decided that we needed to take a new approach altogether. And that’s why we built Hub Detect.
Hub Detect removes the pain of identifying all the package managers and CI tools teams are using and configuring them individually to make Hub work the way they want in their environment. Instead, this new feature detects which package managers (if any) are being used and automatically pulls in and configures the right integrations for the scan.
What does it mean for our customers?
The most accurate open source identification possible.
Since Hub Detect knows which package managers are being used, it can also figure out the most effective way to scan and analyze the code. It combines Black Duck’s signature scanning with analysis of any package managers in use to produce a complete and accurate software Bill-of-Material (BoM) with minimum false positives/negatives.
Ease of integration.
Hub Detect can be added to any CI script execution block, which means it can be used within any CI tool that runs shell based post-build steps. That includes the most popular tools used today: Jenkins, Bamboo, TeamCity, CircleCI, Team Services, TFS, Travis CI, GitLab CI, AWS CodeBuild, Pivotal concourse and more. One line of code and you’re off and running.
Ease of use.
We heard customers tell us that configuring Hub plugins to scan individual package managers was becoming a problem, especially as the number of package managers they used grew. With Hub Detect, that’s no longer an issue. Just run the script and Detect does the work for you. Previously, with major Hub releases, our plugins had to be reinstalled and re-configured. Hub Detect is much simpler. Just add one line to your CI script or invoke it within a build script using Detect’s Command Line Interface. Since there’s no installation, Detect updates itself automatically as needed, giving you immediate access to the latest enhancements.
Hub Detect allows Black Duck Hub to run seamlessly within any DevOps toolchain, regardless of the tools you’re using. It provides universal, simple, one-time configuration that automatically finds the best way to analyze your code. Start using Hub Detect today and we’re confident you’ll see significant benefits.
This post was originally published August 15, 2017.