A Sneak Peek into the Black Duck Hub Plugin for Eclipse


The Black Duck Hub team is in the process of shipping a Hub plugin to support visibility into the open source contents of your Eclipse workspace. This plugin makes it easier for developers to look at components and sub-components, including declared & transitive dependencies in the context of open source risk before they get packaged up with an application.

What Are We Trying to Solve?

If you are a Java developer using Eclipse, you will be able to look up component security metadata when you pull in any open source components (from Maven Central, etc.) and review the security information so you can take remediation steps before checking in the code.

This solution will make the Black Duck scan available earlier, so security gaps in the code can be discovered much earlier in the process. The Hub scanner utilizes a more responsive and faster scanning solution to look up security vulnerabilities than the regular iScan. Hal Hearst discusses this in more detail in this blog post. The core idea is to employ multiple scan techniques to capture numerous pieces of evidence to help you corroborate your results from a wide gamut of sources. The Eclipse solution leverages one of them. Here's a sneak peek into what you can expect once the plugin is released on GitHub.

STEP 1: Configuring the Hub System

You start with a small config menu to set up a connection with your Black Duck Hub instance after downloading the plugin from GitHub.

Configuring your Hub system with Eclipse

Set your Hub system preferences

STEP 2: View Vulnerability Information

Once set up, you can view vulnerability information in the Black Duck vulnerability view for the components used in your Eclipse workspace. (For example, the declared dependencies listed in your pom.xml, along with the transitive dependencies they pull in during compilation, are captured here.)

Vulnerability information for components in Eclipse

Dependencies called during compilation

Isn’t that exciting? The plugin will be open sourced and available for download at the end of this month! Now that’s what I call Christmas! :-) 

If you haven’t already, try the Black Duck Hub today to help you better manage the use of open source software in your application.  

Want to contribute to this project with new features and/or use cases? Visit here to talk directly with our Product team.


