The Synopsys Black Duck demo & workshop showcases how to scan containers deployed on Red Hat OpenShift with Synopsys' Software Composition Analysis tool, Black Duck, in production workloads. Black Duck provides a solution for managing security, license compliance and code quality risks that come from the use of open source and third-party code in applications and containers.

This workshop demonstrates Black Duck fully deployed and running on OpenShift and will cover the following topics:

1. Black Duck for OpenShift setup.
2. Project & 'pod running' verification.
3. Demo Application details
4. How Black Duck Scanning works.
5. An overview of Black Duck Scanning results.
6. Scanning a custom container.

Video

This video is Part 1 in a series of short videos uncovering how to scan and manage Open Source Software using Black Duck. Please also view the other short videos in this Black Duck PoC playlist. To understand the Black Duck for OpenShift integration, please follow the Workshop section below.

Demo

The Black Duck for OpenShift RHPDS catalog item can be used for demo purposes as well. Please follow the link to the workshop below and view the videos above to get an understanding of what to demo.

Workshop

This workshop may be provisioned using the Red Hat Product Demo System (RHPDS). Within RHPDS, the catalog item is in the Workshops category and is called Synopsys Black Duck for OpenShift. All students will be using a shared cluster deployed specifically for this workshop. In RHPDS, before ordering, the catalog item description links to instructions for how to set up your environment and other details about performing the workshop.

• Synopsys Black Duck for OpenShift Workshop

Additional Resources

• Webinar: Secure your "Dev" and "Ops" Pipeline with Synopsys and Red Hat
• Synopsys and Red Hat OpenShift 4: One smooth Operator!
• Blog: Black Duck supports securing containers in Red Hat OpenShift and CRI-O
• Red Hat Partner Spotlight: Synopsys