Integrating Black Duck into Your Environment with Hub APIs

Oct 26, 20161 like4,911 views

This document discusses Hub APIs for integrating Black Duck into other environments. It provides an overview of common API scenarios, introduces the Hub APIs, and describes the currently available Hub API categories including general, report, notification, and extension APIs. The document also discusses REST API patterns and provides an example of API structure and interactions. It concludes by previewing future directions for Hub API enhancements.

Hub APIs
Integrating Black Duck into Your Environment

• Common Scenarios for using Hub APIs
• Introduction to the Hub APIs
• Currently Available Hub APIs
• Detailed Examples
• Future Directions
Overview
2Black Duck Customer Conference

• CI/Build Systems
• Issue Trackers
• Internal Dashboard
Common Scenarios for using Hub APIs
3Black Duck Customer Conference

• Reporting – Components, Vulnerabilities, Notices
• Input to Internal Systems
• Other Third Party Tools
Common Scenarios for using Hub APIs
4Black Duck Customer Conference

5Black Duck Customer Conference
Hub API Introduction

Richardson Maturity Model
• Level 0
• Level 1: Resources
• Level 2: Verbs
• Level 3: Hypermedia Controls
Styles of REST
6Black Duck Customer Conference

Hub APIs are Hypermedia REST APIs
• All Resources are linked
• Links indicate what can be done next
• Permissions are determined by Links + Allow Headers
• Only initial URLs should be constructed by clients
• Versioned via Media Types
Introduction to the Hub APIs
7Black Duck Customer Conference

Visual Example
Introduction to the Hub APIs
8Black Duck Customer Conference
/api/projects/{id}/versions
/api/../versions/{id}/repo
rts
/api/projects

Overall Structure
• All Request/Response Body Formats are JSON
• Each response that represents a resource will have metadata
• Metadata comprises of allow headers and links (also in response headers)
Introduction to the Hub APIs
9Black Duck Customer Conference

• Paging – offset, limit
• Sorting - sort
• Searching - q
• Filtering – filter (not used often yet)
• Use of Headers – Allow, Location (POST result)
Hub REST API Patterns
10Black Duck Customer Conference

Introduction to the Hub APIs
11Black Duck Customer Conference
Live Example: Structure

12Black Duck Customer Conference
Available Hub APIs

• General APIs (Most APIs fall into this category)
• Report APIs
• Notification APIs
• Extension APIs
General Categories
13Black Duck Customer Conference

There are a small set of APIs to facilitate reporting
• Reporting of Components/Licenses/Files in a Project Version
• Reporting of Vulnerabilities
• Generations of Notices
Report APIs
15Black Duck Customer Conference

Report REST APIs – General Interactions
16Black Duck Customer Conference
REST API Client
Hub Server
1. Request Report Creation
2. Poll for Completion
3. Request Completed Report

Retrieve Notification of Events in the System
• Vulnerabilities
• Policy Violation
• License Limits (not all of them yet)
Notification APIs
17Black Duck Customer Conference

Notification REST APIs – General Interactions
18Black Duck Customer Conference
REST API Client
Hub Server
1. Request Notifications, Paged
2. Request Additional Details
3. Request Notification Set

• Allows an External System to Integrate with the Hub/UI
• Used by the Email Notification System
• Limited Set of Hub/UI Integration Points (will grow)
Extension APIs
19Black Duck Customer Conference

Extensions REST APIs – General Interactions
20Black Duck Customer Conference
Extension Service
Hub Server
1. Register Extension
2. Request Configuration Options
3. Request Configuration Values
4. Request Other REST API Data
5. Take Other Actions

Available Hub APIs
21Black Duck Customer Conference
Demo of APIs

22Black Duck Customer Conference
Detailed Example

• Improved REST API Documentation
• Many new APIs – BOM (read-write), Vuln Remediation APIs
• Two-Way APIs for Integrations
• Enhanced Extension Integration Points
Future Directions/Enhancements
23Black Duck Customer Conference

24Black Duck Customer Conference
Questions

La virtualisation des classes constitue un projet très important pour le Sénégal mais aussi pour la plupart des pays africains comme la cote d’ivoire, le Ghana qui envoient des consultants au Sénégal uniquement pour mieux comprendre comment marche concrètement notre université virtuelle qui est aujourd’hui un modèle de référence pour le continent africain. C’est dans une démarche de réduire les distances entre les professeurs et les étudiants que nous avions pensés mettre en place un système, une solution adaptée permettant de répondre aux difficultés que rencontre les étudiants du département génie informatique en période de stage de fin d’année . Ainsi, le gain de temps est le premier avantage qu’offre ce système. En effet, le temps perdu lié à la nécessité de se déplacer pour rencontrer son maitre de stage ou son professeur encadrant, les réunions pédagogiques, est précieux et pourrait être consacré à bien d’autres activités beaucoup plus productives et plus bénéfiques. L’utilisation de ce système de classes virtuelles non seulement pour les étudiants mais aussi pour les professeurs s’avère donc être la solution idéale qui permettra d’économiser à la fois du temps et de l’énergie. Le partage de fichiers textes interactifs, la vidéo conférence, les chats instantanés le partage de bureau bref toutes ces fonctionnalités font de notre système de classes virtuelles un moyen d’apprentissage, pédagogique, collaboratif très utile pour une éducation performante, de qualité et surtout très propice à nos pays africains, vu le nombre interminable de bacheliers dans nos universités

Intro to Pentesting JenkinsBrian Hysell

Mise en place d’un serveur proxy : Cas du CCProxyJeff Hermann Ela Aba

SSH - Secure ShellSouhaib El

Pare feuABDELKADER ABDOKABOUYA

Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy

This document discusses abusing Microsoft Kerberos authentication. It provides an overview of how Kerberos authentication works, obtaining users' Kerberos keys from Active Directory or client memory, and using those keys to authenticate as the user without their password through techniques like Pass-the-Hash and Overpass-the-Hash. It also demonstrates these techniques live using mimikatz to dump keys and authenticate with captured keys.

Abusing Symlinks on WindowsOWASP Delhi

This document summarizes a presentation about abusing symbolic links on Windows. It discusses how symbolic links are implemented for object manager objects, registry keys, and NTFS files. It outlines different classes of vulnerabilities like resource overwrite, information disclosure, and time-of-check/time-of-use issues. Examples are given of vulnerabilities in Internet Explorer and the Windows Task Scheduler. Exploitation techniques like using object manager symlinks, mount points, and OPLOCKs are also described.

Découvrez la technologie WebRTC, comment cela fonctionne? Sylvain Boily

Deanonymize Tor Hidden ServicesFabrizio Farinacci

Hackfest presentation.pptxPeter Yaworski

Routage ripInes Kechiche

Unsafe JAX-RS: Breaking REST APIMikhail Egorov

Secure Web Applications with AWAStephane Carrez

The document discusses the Ada Web Application (AWA) framework for building secure web applications in Ada. It addresses common security problems like validating user input, authenticating users, and authorizing access. AWA leverages Ada features like strong typing to validate data, and includes modules for OpenID authentication and policy-based authorization. It presents the AWA architecture and features that help developers address these security problems.

Azure Penetration TestingCheah Eng Soon

NoSql InjectionNSConclave

This document summarizes a presentation on NoSQL injection given by Husseni Muzkkir. The presentation covered the differences between SQL and NoSQL databases, what NoSQL injection is and how it can be used to expose unauthorized information or modify data. It also described a NoSQL lab that was created with possible attack scenarios like authentication bypass, enumeration, data manipulation, and MongoDB injection. The presentation provided examples of insecure coding that could enable these attacks and discussed secure coding practices and a related CVE vulnerability.

Mise en place d’une solution de tests de sécurité pour les passerelles réside...Salmen HITANA

Set up of a security test plan for residential gateways Abstract: This work, done within the company "Sagemcom" is part of the project for obtaining Computer and Network Engineer Telecommunication National Graduation. The objective of this project is the establishment of a security testing solution for residential terminals. These terminals are the heart of any particular or professional network. Aware that the bridges are highly exposed to risks related to computer security, a test plan will cover possible scenarios and touch all functionality of the gateway (network access, WiFi, UPnP, VoIP, IHM). These tests will eventually be launched on a wide range of Sagemcom products to validate the proposed test environment. Key Word: Gateway, Security, hacking, pentesting, vulnerability

Firewall EndianFouad Root

Historia windowsinformatyka_sp15

API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAnil Sagar

This document summarizes an API Tech Talk presentation. It discusses API design best practices including using RESTful principles like HTTP verbs in URLs, plural nouns, concrete names, and placing complex parameters behind query strings. It also covers versioning, pagination, supporting multiple formats, securing APIs with OAuth 2.0, and common concerns for API providers like security, traffic management, and mediation. The presentation included an overview of API tools and software as well as hands-on examples with Apigee and Usergrid products.

API Economy, Realizing the Business Value of APIsColdFusionConference

This document discusses Adobe API Management and how it can help businesses realize value from their APIs. It outlines how API Management automates access control, versioning, analytics, documentation and other functionality that would otherwise require manual implementation. The document also provides examples of API monetization strategies like transactional payments, subscriptions, marketplaces and partnerships. It highlights the speed, simplicity and scalability of Adobe's API Management platform and demonstrates its request flow and user interface.

apidays LIVE Hong Kong - Orchestrating APIs at Scale by Hieu Nguyen Nhuapidays

REST APIsArthur De Magalhaes

This document discusses RESTful microservices and best practices for designing REST APIs. It covers topics like why REST is important for API design, common REST principles, naming conventions, resource relationships, security, versioning, documentation, and management of REST APIs. It also provides examples of how various companies implement practices like filtering, searching, paging, and error handling in their REST APIs. Finally, it discusses how the WebSphere Liberty application server supports REST APIs through features like API discovery and collective APIs.

APIs, APIs and more APIsAnand Sawant

This document discusses APIs and summarizes several studies on API usage: 1. It introduces APIs and common approaches used to analyze them like text matching and bytecode analysis. 2. It summarizes four studies: a) a client lag time study finding clients do not often upgrade API versions, b) an API usage study finding small portions are used, c) a popularity and bug relationship study finding popular parts are better tested, and d) an API deprecation study finding clients rarely react to deprecated artifacts. 3. The API deprecation study is discussed in more detail, presenting example clients and findings such as the time frame of reaction and that clients tend to delete rather than replace deprecated references.

How to Build, Manage, and Promote APIsWSO2

The document discusses WSO2's API Management Platform, which provides tools for publishing, documenting, securing, analyzing usage of, and monetizing APIs. It highlights key features like API publishing, documentation, analytics, security via OAuth, and a roadmap including additional collaboration and monetization features. The platform is based on WSO2's middleware and aims to provide a minimum viable product in its first release with additional capabilities over time based on user requirements.

What’s behind a high quality web API? Ensure your APIs are more than just a ...Kim Clark

Web APIs have now become as important as websites for some enterprises. Dreaming up an attractive set of data resources to expose to your consumers is a critical step, but it's just the beginning. In the world of APIs, standards are rare, so common conventions are everything. Which should you choose, and how do you apply them to your data model? What architecture will ensure your APIs are robust, scalable, and secure? How do you ensure data integrity in an environment without transactionality? How will you prepare for huge changes in scale? How do you join your API world with your existing enterprise integration and SOA? Attendees will learn design practices to ensure their APIs are both attractive and consumable.

Maintaining the Front Door to NetflixBenjamin Schmaus

Oscon2014 Netflix API - Top 10 Lessons LearnedSangeeta Narayanan

More Related Content

What's hot (13)

Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy

Abusing Symlinks on WindowsOWASP Delhi

Découvrez la technologie WebRTC, comment cela fonctionne? Sylvain Boily

Deanonymize Tor Hidden ServicesFabrizio Farinacci

Hackfest presentation.pptxPeter Yaworski

Routage ripInes Kechiche

Unsafe JAX-RS: Breaking REST APIMikhail Egorov

Secure Web Applications with AWAStephane Carrez

Azure Penetration TestingCheah Eng Soon

NoSql InjectionNSConclave

Mise en place d’une solution de tests de sécurité pour les passerelles réside...Salmen HITANA

Firewall EndianFouad Root

Historia windowsinformatyka_sp15

Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy

Abusing Symlinks on WindowsOWASP Delhi

Découvrez la technologie WebRTC, comment cela fonctionne? Sylvain Boily

Deanonymize Tor Hidden ServicesFabrizio Farinacci

Hackfest presentation.pptxPeter Yaworski

Routage ripInes Kechiche

Unsafe JAX-RS: Breaking REST APIMikhail Egorov

Secure Web Applications with AWAStephane Carrez

Azure Penetration TestingCheah Eng Soon

NoSql InjectionNSConclave

Mise en place d’une solution de tests de sécurité pour les passerelles réside...Salmen HITANA

Firewall EndianFouad Root

Historia windowsinformatyka_sp15

Similar to Integrating Black Duck into Your Environment with Hub APIs (20)

API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAnil Sagar

API Economy, Realizing the Business Value of APIsColdFusionConference

apidays LIVE Hong Kong - Orchestrating APIs at Scale by Hieu Nguyen Nhuapidays

REST APIsArthur De Magalhaes

APIs, APIs and more APIsAnand Sawant

How to Build, Manage, and Promote APIsWSO2

What’s behind a high quality web API? Ensure your APIs are more than just a ...Kim Clark

Maintaining the Front Door to NetflixBenjamin Schmaus

Oscon2014 Netflix API - Top 10 Lessons LearnedSangeeta Narayanan

How to design effective APIsBansilal Haudakari

The document discusses principles of effective API design. It begins by defining an API as providing a way for developers to interact with and consume a service. Some key principles discussed include: 1. Designing the API first before implementing backend logic to focus on usability. 2. Choosing an appropriate runtime that allows for scalability, reliability and hybrid cloud/on-premise deployment. 3. Using API contracts to define and enforce policies and service level agreements with consumers. 4. Monitoring API usage over time to understand usage patterns and improve the consumer experience. 5. Iteratively improving APIs through continuous feedback to optimize them over time. 6. Socializing APIs by creating developer port

Rkd Api Overviewdquack

This document provides an overview of an eLearning course on the Reuters Knowledge Direct API. The course objectives are to understand the components, data, infrastructure, support tools, troubleshooting, customer support model, and resources of the Reuters Knowledge Direct API. The course is approximately 8 hours long and covers topics such as the data delivery process, data content types, delivery channels like FTP and API, channel partners, and a data delivery module. It provides information on how clients access the data through FTP, API, and channel partners and who the channel partners are. The overview module discusses the introduction, data delivery process, and data content.

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays

1. The document discusses the need for an integration specification to manage APIs that use multiple protocols and styles at large companies. 2. An integration specification would provide a single source of truth for technical metadata about APIs, including how they are structured, the data they manage, and how they relate to each other and enterprise data. 3. This would enable automated API discovery, integration, and management processes by describing APIs and their access to data products at an enterprise level.

Day 1 axway apim-trainingNextel Telecomunicações

The document provides an overview of a 5-day API Management training agenda with the following key points: - Day 1 covers an introduction to architecture, components, concepts, and deployment models. - Day 2 focuses on installing and setting up the API Gateway, virtualizing an API, and covering the "Hello API" lab. - Day 3 goes deeper into using the Policy Studio with additional labs. - Day 4 discusses advanced filters and security topics. - Day 5 covers administration and advanced setup.

APITalkMeetupSharableObaidur (OB) Rashid

APIs are important for integrating external and internal customers, enabling partners, and building business logic that can be used across different platforms and applications. This document discusses REST principles for API design including giving resources IDs, linking resources, using standard methods, supporting multiple representations, and making requests stateless. It also covers topics like ROA vs SOA, REST vs SOAP, adoption trends, authentication, versioning, and common anti-patterns.

M meijer api management - tech-days 2015Freelance Consultant / Manager / co-CTO

Intro to the Alfresco Public APIJeff Potts

This document introduces the Alfresco Public API, which addresses limitations of Alfresco's existing API. The vision is for a single API that works across cloud and on-premise. The document explains how to get started with the API, including understanding OAuth2 authentication, registering an app, using a CMIS library, and making API calls. It provides an overview of entities and operations supported by the API.

Maintaining the Netflix Front Door - Presentation at Intuit MeetupDaniel Jacobson

Flavours of APIs Chris Phillips

The document discusses three flavors or patterns of APIs: Resource API, System/Use Case API, and Consumer API. A Resource API has a 1-to-1 mapping between services and APIs, requires knowledge of data models, and has low complexity for providers but high complexity for consumers. A System/Use Case API aggregates services into APIs built around use cases, requires some data model knowledge, and has medium complexity for both providers and consumers. A Consumer API is designed purely around consumer needs, hides data models and integration details, and has high complexity for providers but low complexity for consumers.

Pain Points In API Development? They’re EverywhereNordic APIs

There’s an inherent tension for organizations doing API development: how to keep both your API developers as well as your infrastructure happy, at the same time. Decoupling front-end and back-end development allows parallel development, and helps keep your front-end, middle-end, and back-end efforts working asynchronously. This speeds progress, but requires far more – and far better – collaboration to be successful. Even an independent developer working with APIs requires good collaboration tools. In this talk, Abhinav Asthana will provide tips on how to improve in API development using collaboration tools like executable API descriptions, API mock servers, and documentation. He will include specific examples of how companies (such as VMware, Coursera, and AMC Theatres) have used collaboration to attain more agile development, to onboard developers, and to ensure input from all participants/stakeholders.

Apigility – Lightning Fast API Development - OSSCamp 2014 OSSCube

API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAnil Sagar

API Economy, Realizing the Business Value of APIsColdFusionConference

apidays LIVE Hong Kong - Orchestrating APIs at Scale by Hieu Nguyen Nhuapidays

REST APIsArthur De Magalhaes

APIs, APIs and more APIsAnand Sawant

How to Build, Manage, and Promote APIsWSO2

What’s behind a high quality web API? Ensure your APIs are more than just a ...Kim Clark

Maintaining the Front Door to NetflixBenjamin Schmaus

Oscon2014 Netflix API - Top 10 Lessons LearnedSangeeta Narayanan

How to design effective APIsBansilal Haudakari

Rkd Api Overviewdquack

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays

Day 1 axway apim-trainingNextel Telecomunicações

APITalkMeetupSharableObaidur (OB) Rashid

M meijer api management - tech-days 2015Freelance Consultant / Manager / co-CTO

Intro to the Alfresco Public APIJeff Potts

Maintaining the Netflix Front Door - Presentation at Intuit MeetupDaniel Jacobson

Flavours of APIs Chris Phillips

Pain Points In API Development? They’re EverywhereNordic APIs

Apigility – Lightning Fast API Development - OSSCamp 2014 OSSCube

More from Black Duck by Synopsys (20)

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys

Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included: A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises. For more information, please visit us at www.blackducksoftware.com

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys

Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubBlack Duck by Synopsys

This document provides an overview of open source license management best practices that have evolved over 16 years, from 2002 to 2018. It discusses how the risks have changed from lawsuits prompting code inspections to security vulnerabilities coming to the forefront. It also outlines the key functionality of Black Duck Hub for managing open source licenses, including predefined license groups, component usage settings, license risk modeling, policy management, license review workflows, and integrations. Finally, it proposes a suggested license management workflow involving license planning, policy creation, component reviews, attribution statements, and more.

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...Black Duck by Synopsys

Managing open source security risks is important because most modern applications contain a significant amount of open source code that may contain vulnerabilities. It is difficult to manage these risks because vulnerabilities are often discovered after code is released. Tools can help with open source selection, governance, detection of used components, prioritizing and remediating vulnerabilities, and monitoring applications post-release. Managing open source security risks requires identifying components, setting policies, understanding usage, prioritizing issues, and monitoring ongoing.

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys

Open-Source- Sicherheits- und Risikoanalyse 2018Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys

Open source software, patents, and trade secrets each offer different ways to protect information relating to software. Open source licenses make source code available and allow free distribution but also allow others to modify the code. Patents protect specific inventions for a limited time but require describing the invention publicly. Trade secrets have indefinite protection as long as information is kept secret, but lose protection if the secret becomes public. Combining these approaches poses challenges, as open source and trade secrets in particular seem contradictory. Companies must carefully manage what software is shared openly versus kept proprietary through internal policies and legal agreements.

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys

The document discusses data breaches and relevant laws. It notes an increasing number of data breaches and introduces key laws around data security - the GDPR and NISD. The GDPR requires organizations to implement appropriate security measures to protect personal data and report breaches. It applies broadly to any group processing EU citizens' data or offering goods/services to them. The NISD focuses on essential services and digital service providers, requiring security and reporting of significant incidents. Non-compliance can result in large fines and litigation. Proper precautions such as response planning and legal advice are recommended.

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys

Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...Black Duck by Synopsys

FLIGHT Amsterdam Presentation - From Protex to Hub Black Duck by Synopsys

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys

Open Source Rookies and CommunityBlack Duck by Synopsys

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys

It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans. Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys

This document provides a summary of cybersecurity and open source news stories from March 2nd. It discusses the need to incorporate application security practices into the DevOps process. It also looks at deciding between open source and proprietary software based on factors like code transparency and vendor support. Additionally, it reports that one in eight open source components contain security flaws and explains why enterprises need a comprehensive software security program rather than isolated security activities. Finally, it provides answers to frequently asked questions about the GDPR regulation and notes unexpected places where GDPR-related data can be found.

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions. Read on for all the open source security and cybersecurity news you need to know this week.

Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys

Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk. Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.

Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys

This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubBlack Duck by Synopsys

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys

Open-Source- Sicherheits- und Risikoanalyse 2018Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...Black Duck by Synopsys

FLIGHT Amsterdam Presentation - From Protex to Hub Black Duck by Synopsys

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys

Open Source Rookies and CommunityBlack Duck by Synopsys

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys

Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys

Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys

Recently uploaded (20)

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Toradex brings robust Linux support to SMARC (Smart Mobility Architecture), ensuring high performance and long-term reliability for embedded applications. Here’s how: • Optimized Torizon OS & Yocto Support – Toradex provides Torizon OS, a Debian-based easy-to-use platform, and Yocto BSPs for customized Linux images on SMARC modules. • Seamless Integration with i.MX 8M Plus and i.MX 95 – Toradex SMARC solutions leverage NXP’s i.MX 8 M Plus and i.MX 95 SoCs, delivering power efficiency and AI-ready performance. • Secure and Reliable – With Secure Boot, over-the-air (OTA) updates, and LTS kernel support, Toradex ensures industrial-grade security and longevity. • Containerized Workflows for AI & IoT – Support for Docker, ROS, and real-time Linux enables scalable AI, ML, and IoT applications. • Strong Ecosystem & Developer Support – Toradex offers comprehensive documentation, developer tools, and dedicated support, accelerating time-to-market. With Toradex’s Linux support for SMARC, developers get a scalable, secure, and high-performance solution for industrial, medical, and AI-driven applications. Do you have a specific project or application in mind where you're considering SMARC? We can help with Free Compatibility Check and help you with quick time-to-market For more information: https://www.toradex.com/computer-on-modules/smarc-arm-family

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, transcript, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxAnoop Ashok

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

tecnologias de las primeras civilizaciones.pdffjgm517

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, presentation slides, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

2025-05-Q4-2024-Investor-Presentation.pptxSamuele Fogagnolo

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveScyllaDB

Want to learn practical tips for designing systems that can scale efficiently without compromising speed? Join us for a workshop where we’ll address these challenges head-on and explore how to architect low-latency systems using Rust. During this free interactive workshop oriented for developers, engineers, and architects, we’ll cover how Rust’s unique language features and the Tokio async runtime enable high-performance application development. As you explore key principles of designing low-latency systems with Rust, you will learn how to: - Create and compile a real-world app with Rust - Connect the application to ScyllaDB (NoSQL data store) - Negotiate tradeoffs related to data modeling and querying - Manage and monitor the database for consistently low latencies

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

AI and Data Privacy in 2025: Global TrendsInData Labs

In this infographic, we explore how businesses can implement effective governance frameworks to address AI data privacy. Understanding it is crucial for developing effective strategies that ensure compliance, safeguard customer trust, and leverage AI responsibly. Equip yourself with insights that can drive informed decision-making and position your organization for success in the future of data privacy. This infographic contains: -AI and data privacy: Key findings -Statistics on AI data privacy in the today’s world -Tips on how to overcome data privacy challenges -Benefits of AI data security investments. Keep up-to-date on how AI is reshaping privacy standards and what this entails for both individuals and organizations.

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Mobile App Development Company in Saudi ArabiaSteve Jonas

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxAnoop Ashok

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

tecnologias de las primeras civilizaciones.pdffjgm517

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

2025-05-Q4-2024-Investor-Presentation.pptxSamuele Fogagnolo

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

How analogue intelligence complements AIPaul Rowe

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveScyllaDB

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

AI and Data Privacy in 2025: Global TrendsInData Labs

Integrating Black Duck into Your Environment with Hub APIs

1. Hub APIs Integrating Black Duck into Your Environment

2. • Common Scenarios for using Hub APIs • Introduction to the Hub APIs • Currently Available Hub APIs • Detailed Examples • Future Directions Overview 2Black Duck Customer Conference

3. • CI/Build Systems • Issue Trackers • Internal Dashboard Common Scenarios for using Hub APIs 3Black Duck Customer Conference

4. • Reporting – Components, Vulnerabilities, Notices • Input to Internal Systems • Other Third Party Tools Common Scenarios for using Hub APIs 4Black Duck Customer Conference

5. 5Black Duck Customer Conference Hub API Introduction

6. Richardson Maturity Model • Level 0 • Level 1: Resources • Level 2: Verbs • Level 3: Hypermedia Controls Styles of REST 6Black Duck Customer Conference

7. Hub APIs are Hypermedia REST APIs • All Resources are linked • Links indicate what can be done next • Permissions are determined by Links + Allow Headers • Only initial URLs should be constructed by clients • Versioned via Media Types Introduction to the Hub APIs 7Black Duck Customer Conference

8. Visual Example Introduction to the Hub APIs 8Black Duck Customer Conference /api/projects/{id}/versions /api/../versions/{id}/repo rts /api/projects

9. Overall Structure • All Request/Response Body Formats are JSON • Each response that represents a resource will have metadata • Metadata comprises of allow headers and links (also in response headers) Introduction to the Hub APIs 9Black Duck Customer Conference

10. • Paging – offset, limit • Sorting - sort • Searching - q • Filtering – filter (not used often yet) • Use of Headers – Allow, Location (POST result) Hub REST API Patterns 10Black Duck Customer Conference

11. Introduction to the Hub APIs 11Black Duck Customer Conference Live Example: Structure

12. 12Black Duck Customer Conference Available Hub APIs

13. • General APIs (Most APIs fall into this category) • Report APIs • Notification APIs • Extension APIs General Categories 13Black Duck Customer Conference

14. • Project/Version • Component/Version • License • Vulnerability • Users • User Roles/Groups • Code Location • Scan Summary • Policy • Risk Profile • Vulnerable Component • Matched Files General APIs 14Black Duck Customer Conference

15. There are a small set of APIs to facilitate reporting • Reporting of Components/Licenses/Files in a Project Version • Reporting of Vulnerabilities • Generations of Notices Report APIs 15Black Duck Customer Conference

16. Report REST APIs – General Interactions 16Black Duck Customer Conference REST API Client Hub Server 1. Request Report Creation 2. Poll for Completion 3. Request Completed Report

17. Retrieve Notification of Events in the System • Vulnerabilities • Policy Violation • License Limits (not all of them yet) Notification APIs 17Black Duck Customer Conference

18. Notification REST APIs – General Interactions 18Black Duck Customer Conference REST API Client Hub Server 1. Request Notifications, Paged 2. Request Additional Details 3. Request Notification Set

19. • Allows an External System to Integrate with the Hub/UI • Used by the Email Notification System • Limited Set of Hub/UI Integration Points (will grow) Extension APIs 19Black Duck Customer Conference

20. Extensions REST APIs – General Interactions 20Black Duck Customer Conference Extension Service Hub Server 1. Register Extension 2. Request Configuration Options 3. Request Configuration Values 4. Request Other REST API Data 5. Take Other Actions

21. Available Hub APIs 21Black Duck Customer Conference Demo of APIs

22. 22Black Duck Customer Conference Detailed Example

23. • Improved REST API Documentation • Many new APIs – BOM (read-write), Vuln Remediation APIs • Two-Way APIs for Integrations • Enhanced Extension Integration Points Future Directions/Enhancements 23Black Duck Customer Conference

24. 24Black Duck Customer Conference Questions

Integrating Black Duck into Your Environment with Hub APIs

Recommended

More Related Content

What's hot (13)

Similar to Integrating Black Duck into Your Environment with Hub APIs (20)

More from Black Duck by Synopsys (20)

Recently uploaded (20)

Integrating Black Duck into Your Environment with Hub APIs