From fa916ace3092e3f9e5b4576ba54bf59aa5f129ec Mon Sep 17 00:00:00 2001 From: Frank Viernau Date: Mon, 23 Dec 2024 12:52:10 +0100 Subject: [PATCH] docs(website): Add a section for the new BlackDuck advisor Signed-off-by: Frank Viernau --- website/docs/tools/advisor.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/website/docs/tools/advisor.md b/website/docs/tools/advisor.md index 737e4c6b3fdc..f5ce9560d6e9 100644 --- a/website/docs/tools/advisor.md +++ b/website/docs/tools/advisor.md @@ -14,6 +14,25 @@ The providers require specific configuration in the [ORT configuration file](htt When executing the advisor, the providers to enable are selected with the `--advisors` option (or its short alias `-a`); here a comma-separated list with provider IDs is expected. The following sections describe the providers supported by the advisor: +# Black Duck + +This vulnerability provider obtains information about security vulnerabilities from the Black Duck instance specified +in the configuration. The configuration is mandatory, because authentication is required. +The implementation is in *experimental* state. Initial experiments indicate that it works with the ecosystems +crate, gem, hackage, maven, npm, nuget, pod, pub, and pypi, see https://github.com/oss-review-toolkit/ort/issues/9638. + +```yaml +ort: + advisor: + config: + BlackDuck: + options: + serverUrl: 'server-url' + apiToken: 'token' +``` + +To enable this provider, pass `-a BlackDuck` on the command line. + ## OSS Index This vulnerability provider does not require any further configuration as it uses the public service at https://ossindex.sonatype.org/.
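Review bot: The added heading `# Black Duck` is level 1, while the next provider section in the same hunk is level 2 (`## OSS Index`); it should be `## Black Duck` so that all provider sections sit at the same level in the page outline. The YAML example also places `apiToken: 'token'` in plain text under `options` next to `serverUrl`. Since the text says authentication is required, the section should state that `'server-url'` and `'token'` are placeholders and say how the token is expected to be supplied without committing it to a shared configuration file. As a style point, the bare issue URL after "see" could use the Markdown link syntax that the context line already uses for `[ORT configuration file]`, and "pypi, see" reads better as two sentences.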