The Black Duck Service Broker for Tanzu enables software teams to easily add the scanning service from Tanzu Apps Manager or from the command line. The broker exposes the Black Duck scanning service on the marketplace and allows users to directly create service instances and bind them to their applications either from Tanzu Apps Manager or from the command line. This makes the installation and subsequent use of Black Duck with Tanzu applications easier.
A Black Duck scan is performed during a cf_push with the meta-buildpack, producing a droplet and invoking a “Black Duck Decorator buildpack”. The scan results are available in the Black Duck web server console.
In addition to the Tanzu build process a Black Duck scan may also be invoked in a Concourse pipeline.