Skip to content

EmersonDeltaV/blackduck-report-analysis-tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
BlackduckReportAnalysis
BlackduckReportAnalysis
 
 
.gitignore
.gitignore
 
 
BlackduckReportAnalysis.sln
BlackduckReportAnalysis.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Blackduck Report Analysis

Overview

The Blackduck Report Analysis project generates a summary of the reports and exports it to an Excel file. Unlike the reports generated directly from Black Duck, this tool includes mitigation details. The main benefit of this tool is its ability to quickly produce the necessary documentation for the Blackduck review and analysis during development or vulnerability mitigation planning. This ensures a streamlined and efficient review process. This project includes two main services:

  1. BlackduckApiService: Interacts with the Blackduck API to retrieve recommended fixes for vulnerabilities.
  2. ExcelService: Generates Excel reports summarizing security risks.

Features

  • Analyzes Blackduck reports
  • Generates summary reports and exports it to Excel in the specified format

Getting Started

Prerequisites

  • Microsoft Excel Desktop or Web
  • Black Duck Account
  • .NET SDK
  • ClosedXML library
  • Newtonsoft.Json library

Installation

  1. Clone the repository:
git clone https://github.com/EmersonDeltaV/blackduck-report-analysis-tool.git
cd BlackduckReportAnalysis
  1. Restore dependencies:
dotnet restore

Usage

Download the Black Duck Vulnerability Report for one or multiple Project Repositories

  1. Login to your Black Duck account and download the 'Vulnerability Status' reports for your repositories.
  2. Download the report and save it to your root drive, preferably with a shorter folder path (e.g., C: or D: drive).
  3. Extract the files.

Generate a Black Duck Access Token

  1. Login to your Black Duck account.
  2. Go to the ‘Access Tokens’ section in the upper right corner of your dashboard, then click ‘Create Token’.
  3. Provide a name and an optional description. Select ‘Read Access Only’ as the Scope.
  4. You need this token in config.json. You won’t need to regenerate it each time you use the tool.

Configure the Tool

  1. Navigate to the BlackDuckReportAnalysisTool folder and locate the config.json file. Modify the property values as follows:

    • ReportFolderPath: The folder path where you extracted the Black Duck Vulnerability Report.
    • OutputFilePath: The folder path where you want to save the summary report generated by the tool.
    • IncludeTransitiveDependency: Set to true or false depending on whether you want to include Transitive Dependency Vulnerabilities in the summary report.
    • Token: The read access only token you generated from Black Duck.
    • BaseUrl: Your Black Duck URL.
    • LogPath: The folder path where you want to save the logs.

    NOTE: Please use double backslash \\ to indicate the path.

Run the Black Duck Report Analysis Tool

  1. Once you configured the config.json you can now run 'BlackduckReportAnalysis.exe' as administrator.
  2. Wait for the tool to complete its process.
  3. Open the summary report in Excel.
  4. If there are blank cells under ‘Recommended Fix Version’ column, investigate further. This indicates that Black Duck does not list a recommended fix for those specific vulnerabilities.

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

License

This project is licensed under the MIT License.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages