Artifactory Integration

The Artifactory Integration is a new mechanism to protect the Software Supply Chain. Since Artifactory is typically one of the last links of that chain, scanning each and every artifact within a configured set of Artifactory Repositories allows customers to have control of their individual supply chain.

Enabling Artifactory Integration

Your registration key must have Artifactory Integration enabled to access this feature. Once enabled, add the following in your values.yaml file: 

enableIntegration: true

For more information on how to configure Artifactory Integration in your environment, please refer to Artifactory Integration.

To access the Integrations page:

  1. Log in to Black Duck with the Integration Manager role.

  2. Click .

  3. Click Integrations.

Adding an Artifactory server

From the Integrations page, you can add an Artifactory server by following the steps below:

  1. Click the + Add Server button. The Add Artifactory Server page appears.

    Artifactory Servers page
  2. Add the following information:
    • Enter the Name of your Artifactory server. This field is mandatory.
    • Check the Enable Server checkbox if this server is ready for use.
    • Use the Search Interval slider to select a desired polling time for your server.
    • Use the Storage Limit slider to select the maximum space that can be used by artifacts while being scanned.
    • Enter a Search Cutoff Date in the date selector to set a date where artifacts having a lastUpdated time prior to this value will not be subject to the blocking strategy set for the repository regardless of the blocking strategy value.
  3. Click the + Add Repository button to add a repository.

    Add Repository dialog box
    • Enter the Repository Name.
    • Check any of the Lightweight BOM or Docker checkboxes if they apply to your repository. A lightweight BOM is a data store with minimum set of functionalities which can scale to store large number of persistent project versions within Black Duck. Enabling this option will build a json file when the artifacts in the repository are scanned. Vulnerabilities are asynchroneously updated from the KnowledgeBase. The json file will be replaced by a Black Duck User interface in the upcoming releases.
    • Select the Blocking Strategy for your repository.
    You can also add additional Filtering Options by clicking the link. Available options are:
    • Folder Names: Enter a folder name to add to the list of folders in this repository which should be searched for artifacts to scan.
    • Exclude Patterns: Wildcard filter of file patterns which will exclude an artifact from being subject to the blocking strategy provided. An empty value indicates no files are excluded.
    • Include Patterns: Wildcard filter of file patterns which are subject to the blocking strategy provided. An empty value indicates all files are to be included.

Modifying an Artifactory server

From the Integrations page, you can edit an Artifactory server by following the steps below:

  1. Click your server from the displayed list or click the Options button button at the end of your server and select Edit. The Artifactory server's page appears.


  2. Edit the desired field(s).
  3. Click the Save button.

Deleting an Artifactory server

From the Integrations page, you can delete an Artifactory server by clicking the Options button button at the end of your server and selecting Delete or by clicking your server from the displayed list and then clicking the Delete Server button from the Artifactory Server page.