Hub APIs

Integrating Black Duck into Your Environment

• Common Scenarios for using Hub APIs

• Introduction to the Hub APIs

• Currently Available Hub APIs

• Detailed Examples

• Future Directions

Overview

2Black Duck Customer Conference

• CI/Build Systems

• Issue Trackers

• Internal Dashboard

Common Scenarios for using Hub APIs

3Black Duck Customer Conference

• Reporting – Components, Vulnerabilities, Notices

• Input to Internal Systems

• Other Third Party Tools

Common Scenarios for using Hub APIs

4Black Duck Customer Conference

5Black Duck Customer Conference

Hub API Introduction

Richardson Maturity Model• Level 0

• Level 1: Resources

• Level 2: Verbs

• Level 3: Hypermedia Controls

Styles of REST

6Black Duck Customer Conference

Hub APIs are Hypermedia REST APIs• All Resources are linked

• Links indicate what can be done next

• Permissions are determined by Links + Allow Headers

• Only initial URLs should be constructed by clients

• Versioned via Media Types

Introduction to the Hub APIs

7Black Duck Customer Conference

Visual Example

Introduction to the Hub APIs

8Black Duck Customer Conference

/api/projects/{id}/versions

/api/../versions/{id}/repo

rts

/api/projects

Overall Structure• All Request/Response Body Formats are JSON

• Each response that represents a resource will have metadata

• Metadata comprises of allow headers and links (also in response headers)

Introduction to the Hub APIs

9Black Duck Customer Conference

• Paging – offset, limit

• Sorting - sort

• Searching - q

• Filtering – filter (not used often yet)

• Use of Headers – Allow, Location (POST result)

Hub REST API Patterns

10Black Duck Customer Conference

Introduction to the Hub APIs

11Black Duck Customer Conference

Live Example: Structure

12Black Duck Customer Conference

Available Hub APIs

• General APIs (Most APIs fall into this category)

• Report APIs

• Notification APIs

• Extension APIs

General Categories

13Black Duck Customer Conference

• Project/Version

• Component/Version

• License

• Vulnerability

• Users

• User Roles/Groups

• Code Location

• Scan Summary

• Policy

• Risk Profile

• Vulnerable Component

• Matched Files

General APIs

14Black Duck Customer Conference

There are a small set of APIs to facilitate reporting

• Reporting of Components/Licenses/Files in a Project Version

• Reporting of Vulnerabilities

• Generations of Notices

Report APIs

15Black Duck Customer Conference

Report REST APIs – General Interactions

16Black Duck Customer Conference

REST API Client

Hub Server

1. Request Report Creation

2. Poll for Completion

3. Request Completed Report

Retrieve Notification of Events in the System

• Vulnerabilities

• Policy Violation

• License Limits (not all of them yet)

Notification APIs

17Black Duck Customer Conference

Notification REST APIs – General Interactions

18Black Duck Customer Conference

REST API Client

Hub Server

1. Request Notifications, Paged

2. Request Additional Details

3. Request Notification Set

• Allows an External System to Integrate with the Hub/UI

• Used by the Email Notification System

• Limited Set of Hub/UI Integration Points (will grow)

Extension APIs

19Black Duck Customer Conference

Extensions REST APIs – General Interactions

20Black Duck Customer Conference

Extension Service

Hub Server

1. Register Extension

2. Request Configuration Options

3. Request Configuration Values

4. Request Other REST API Data

5. Take Other Actions

Available Hub APIs

21Black Duck Customer Conference

Demo of APIs

22Black Duck Customer Conference

Detailed Example

• Improved REST API Documentation

• Many new APIs – BOM (read-write), Vuln Remediation APIs

• Two-Way APIs for Integrations

• Enhanced Extension Integration Points

Future Directions/Enhancements

23Black Duck Customer Conference

24Black Duck Customer Conference

Questions