The Black Duck Service Broker for PCF enables software teams to easily add the scanning service from Pivotal Apps Manager or from the command line. The broker exposes the Black Duck scanning service on the marketplace and allows users to directly create service instances and bind them to their applications either from Pivotal Apps Manager or from the command line. This makes the installation and subsequent use of Black Duck with PCF applications easier.
A Black Duck scan is performed during a cf_push with the meta-buildpack, producing a droplet and invoking a “Black Duck Decorator buildpack”. The scan results are available in the Black Duck web server console.
In addition to the PCF build process a Black Duck scan may also be invoked in a Concourse pipeline.