From 20e80da643d9e79d107e64b1211315a4c815274d Mon Sep 17 00:00:00 2001 From: Frank Viernau Date: Mon, 23 Dec 2024 12:52:10 +0100 Subject: [PATCH] docs(website): Add a section for the new BlackDuck advisor Signed-off-by: Frank Viernau --- website/docs/tools/advisor.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/website/docs/tools/advisor.md b/website/docs/tools/advisor.md index 38050fb6db805..7b2b1339ad8d0 100644 --- a/website/docs/tools/advisor.md +++ b/website/docs/tools/advisor.md @@ -14,6 +14,28 @@ The providers require specific configuration in the [ORT configuration file](htt When executing the advisor, the providers to enable are selected with the `--advisors` option (or its short alias `-a`); here a comma-separated list with provider IDs is expected. The following sections describe the providers supported by the advisor: +## Black Duck + +This vulnerability provider obtains information about security vulnerabilities from the Black Duck instance specified in the configuration. +The configuration is mandatory, because authentication is required. +:::note +The implementation is in *experimental* state. +::: +Initial experiments indicate that it works with the ecosystems mentioned [over here](https://github.com/oss-review-toolkit/ort/issues/9638). + +```yaml +ort: + advisor: + config: + BlackDuck: + options: + serverUrl: 'server-url' + secrets: + apiToken: 'token' +``` + +To enable this provider, pass `-a BlackDuck` on the command line. + ## OSS Index This vulnerability provider does not require any further configuration as it uses the public service at https://ossindex.sonatype.org/.
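Review bot: In the YAML example of the new Black Duck section, `apiToken: 'token'` appears as a literal under `secrets` with no guidance on handling it. The text says the configuration is mandatory because authentication is required, so add a sentence saying that this value is a credential for the Black Duck instance and should be kept out of any version-controlled copy of the ORT configuration file. The `serverUrl: 'server-url'` placeholder also does not show what form the value takes, such as whether a scheme is expected. Two smaller points: the `:::note` block sits directly between the "The configuration is mandatory" line and the "Initial experiments" line with no blank lines around the admonition markers, which some Markdown formatters need to keep the block intact; and the link text "over here" would be clearer as a description of its target, for example "the ecosystems listed in issue #9638".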