Integrating Black Duck into Your Environment with Hub APIs
Hub APIs
Integrating Black Duck into Your Environment
• Common Scenarios for using Hub APIs
• Introduction to the Hub APIs
• Currently Available Hub APIs
• Detailed Examples
• Future Directions
Overview
Black Duck Customer Conference
• CI/Build Systems
• Issue Trackers
• Internal Dashboard
Common Scenarios for using Hub APIs
• Reporting – Components, Vulnerabilities, Notices
• Input to Internal Systems
• Other Third Party Tools
Common Scenarios for using Hub APIs
Hub API Introduction
Richardson Maturity Model
• Level 0
• Level 1: Resources
• Level 2: Verbs
• Level 3: Hypermedia Controls
Styles of REST
Hub APIs are Hypermedia REST APIs
• All Resources are linked
• Links indicate what can be done next
• Permissions are determined by Links + Allow Headers
• Only initial URLs should be constructed by clients
• Versioned via Media Types
Introduction to the Hub APIs
Visual Example
Introduction to the Hub APIs
/api/projects/{id}/versions
/api/../versions/{id}/reports
/api/projects
Overall Structure
• All Request/Response Body Formats are JSON
• Each response that represents a resource will have metadata
• Metadata comprises allow headers and links (also in response headers)
Introduction to the Hub APIs
• Paging – offset, limit
• Sorting – sort
• Searching – q
• Filtering – filter (not used often yet)
• Use of Headers – Allow, Location (POST result)
Hub REST API Patterns
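The client behaviour these slides describe (build only the initial URL, follow server-supplied links, check the allowed verbs before acting, page with offset/limit), as an added Python example that is not from the presentation or from Black Duck's code. It runs against a constructed in-memory stand-in for the server; the `_meta`, `allow`, `links`, `rel`, `href`, `items` and `totalCount` field names, the `versions` rel and all helper names are assumptions made for illustration.

```python
# Constructed stand-in for a Hub server; all JSON field names here are assumptions.
from urllib.parse import urlsplit, parse_qs

def _meta(href, allow, links=()):
    return {"allow": list(allow), "href": href, "links": list(links)}

PROJECTS = [
    {"name": f"proj-{i}",
     "_meta": _meta(f"/api/projects/{i}",
                    ["GET"] if i == 2 else ["GET", "PUT", "DELETE"],
                    [{"rel": "versions", "href": f"/api/projects/{i}/versions"}])}
    for i in range(5)
]

def fake_get(url):
    """Stand-in for an authenticated HTTP GET; returns the decoded JSON body."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    offset, limit = int(query["offset"][0]), int(query["limit"][0])
    if parts.path == "/api/projects":
        items = PROJECTS
    else:  # any linked .../versions collection in this constructed data set
        items = [{"versionName": "1.0", "_meta": _meta(parts.path + "/1", ["GET"])}]
    return {"totalCount": len(items), "items": items[offset:offset + limit]}

def iter_paged(url, limit=2, get=fake_get):
    """Walk a collection using the offset/limit paging pattern."""
    offset, total = 0, 1
    while offset < total:
        page = get(f"{url}?offset={offset}&limit={limit}")
        yield from page["items"]
        offset, total = offset + limit, page["totalCount"]

def link(resource, rel):
    """Server-supplied href for rel, or None when the link is not offered."""
    return next((e["href"] for e in resource["_meta"]["links"] if e["rel"] == rel), None)

def can(resource, verb):
    """Only attempt verbs the server advertises for this resource."""
    return verb in resource["_meta"]["allow"]

def audit(start="/api/projects"):
    """Only `start` is built by the client; every other URL is a followed link."""
    report = {}
    for project in iter_paged(start):
        url = link(project, "versions")
        names = [v["versionName"] for v in iter_paged(url)] if url else []
        report[project["name"]] = {"versions": names, "writable": can(project, "PUT")}
    return report
```

A missing link or a verb absent from `allow` is treated as "not permitted for this credential", so the integration skips the action instead of guessing a URL and handling the resulting error.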
Introduction to the Hub APIs
Live Example: Structure
Available Hub APIs
• General APIs (Most APIs fall into this category)
• Report APIs
• Notification APIs
• Extension APIs
General Categories
• Project/Version
• Component/Version
• License
• Vulnerability
• Users
• User Roles/Groups
• Code Location
• Scan Summary
• Policy
• Risk Profile
• Vulnerable Component
• Matched Files
General APIs
There is a small set of APIs to facilitate reporting
• Reporting of Components/Licenses/Files in a Project Version
• Reporting of Vulnerabilities
• Generation of Notices
Report APIs
Report REST APIs – General Interactions
REST API Client
Hub Server
1. Request Report Creation
2. Poll for Completion
3. Request Completed Report
Retrieve Notification of Events in the System
• Vulnerabilities
• Policy Violation
• License Limits (not all of them yet)
Notification APIs
Notification REST APIs – General Interactions
REST API Client
Hub Server
1. Request Notifications, Paged
2. Request Additional Details
3. Request Notification Set
• Allows an External System to Integrate with the Hub/UI
• Used by the Email Notification System
• Limited Set of Hub/UI Integration Points (will grow)
Extension APIs
Extensions REST APIs – General Interactions
Extension Service
Hub Server
1. Register Extension
2. Request Configuration Options
3. Request Configuration Values
4. Request Other REST API Data
5. Take Other Actions
Available Hub APIs
Demo of APIs
Detailed Example
• Improved REST API Documentation
• Many new APIs – BOM (read-write), Vuln Remediation APIs
• Two-Way APIs for Integrations
• Enhanced Extension Integration Points
Future Directions/Enhancements
Questions