NOTE: This function requires access to the "Hierarchical BOM" REST API of a Synoptic Black Duck SCA server . (See below for instructions on enabling this option on a self-managed server.)
SPDX-Builder can extract a bill-of-materials from a Black Duck server for a specified project version.
A project version in Black Duck is exported to an SPDX file by:
spdx-builder blackduck -o <output_file> <project> <version> --url <server_url> --token <access_token>Note: If no "output_file" is specified, the output is written to a file named
bom.spdx in the current directory. If the file has no extension, .spdx
is automatically appended.
Note: The "project" and "version" can be limited to the unique prefixes for a project version.
Note: The server URL and access token default to values found in
the BLACKDUCK_URL and BLACKDUCK_API_TOKEN environment variables.
To enable the Hierarchical BOM in the Black Duck server in case of a Docker Swarm installation:
- Add the
HUB_HIERARCHICAL_BOMenvironment variable to an.envfile. Set the value totrue.
or alternatively:
- Edit the webapp service in the
docker-compose.local-overrides.ymlfile located in the docker-swarm directory:webapp:environment: {HUB_HIERARCHICAL_BOM: "true"}.
In case of a Kubernetes or OpenShift installation:
- Add the following to your environs
flag:
--environs HUB_HIERARCHICAL_BOM:true