Pivotal + VMware: Transforming how more of the world builds software
Pivotal Services Marketplace

Black Duck for Pivotal Platform

Secure and Manage Open Source in Your Cloud-Native Applications

Compatible with PAS, PKS

Can be consumed by apps on PAS

Can be consumed by apps on PKS

Runs on PKS with no dependency on PAS

通过云原生应用中包含的开源软件的自动管理功能来快速构建并确保安全性。使用Black Duck Hub Service Broker,您可以扫描Pivotal Platform应用...

Secure Your Applications on Pivotal Platform

Identify and remediate open source software security vulnerabilities and license violations included with your application code using Black Duck’s Deep Image Scanning as you deploy to Pivotal Platform.

Release Software with Confidence

With Black Duck, each build-run automatically identifies open source risk in your applications. With the Pivotal Platform meta-buildpack, you can include the security scanning service as an integrated part of your application deployment pipeline.

Automated Threat Alerts

Policy enforcement ensures license and security compliance across all your applications. Automatically be alerted when new threats are reported.

Secure and Manage Open Source in Your Cloud-Native Applications
Black Duck Software 概述

Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. With Blackduck for Pivotal Platform, you can:

  • Automate open source software license and security risk as part of the Pivotal Platform build-run.
  • Secure application lifecycle processes for multiple Pivotal Platform deployments with the Black Duck Service Broker in Pivotal Apps Manager marketplace.
  • Bind Black Duck Service Broker to any application running on Pivotal Platform.
  • Continuously monitor open source components in use and be alerted when new vulnerabilities are identified.

More about Black Duck Software


Option to broker a connection to a service running external to Pivotal Platform.

Option to create and destroy the service instance on demand as required.

Option for fully automated management of the service on Pivotal Platform. Monitoring, failure recovery, and software updates with zero-to-minimal downtime.

The service is documented with instructions for setup and operation.

Get visibility into details of service operation through standard monitoring and logging tools for products and Pivotal Platform.

Developers have control over when to upgrade to new versions, subject to policies set by operators, so that app modifications and downtime can be managed.

Available as a language agnostic meta-buildpack for deploying native integration applications in any language.

Available as a custom buildpack.

Supports offline use without dependencies on externally running services or licensing validation.

The buildpack is documented with instructions for setup and operation.

“Open source comprises over 80% of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Platform provides automated visibility and control into that open source. This helps increase enterprises’ confidence to grow their production deployment of cloud-native applications.”

Lou Shipley, CEO, Black Duck


The Black Duck Service Broker for Pivotal Platform enables software teams to easily add the scanning service from Pivotal Apps Manager or from the command line. The broker exposes the Black Duck scanning service on the marketplace and allows users to directly create service instances and bind them to their applications either from Pivotal Apps Manager or from the command line. This makes the installation and subsequent use of Black Duck with Pivotal Platform applications easier.

A Black Duck scan is performed during a cf_push with the meta-buildpack, producing a droplet and invoking a “Black Duck Decorator buildpack”. The scan results are available in the Black Duck web server console.

In addition to the Pivotal Platform build process a Black Duck scan may also be invoked in a Concourse pipeline.




Let's talk.

Contact us about Black Duck for Pivotal Platform.