Known Issues and Limitations

The following is a list of known issues and limitations in Black Duck:

New Known Issues

  • Due to updates to the security ranking algorithm, searching for vulnerabilities on the Find → Vulnerabilities page may display results different from previous versions.

Current Known Issues and Limitations

  • When transitioning active project versions to LTS, additional vulnerabilities might the discovered in the LTS project if the active project included components identified through snippet scanning. In future updates, components matched via snippet scanning will no longer be carried over to LTS projects.

  • The SCM Integration for Bitbucket Data Center is currently not functioning correctly. Please contact Black Duck Support for assistance in using this feature.

  • Users of the Bitbucket Cloud SCM provider must use the same workspace name and workspace ID in Bitbucket in order to clone repositories from that workspace.

  • When searching for CISA Known Exploited Vulnerabilities on the Find page, you must also check the Affecting Projects checkbox to get results. Checking only the CISA Known Exploited Vulnerability checkbox will not yield any search results.

  • The Scan Heatmap found under Admin > Diagnostics > Heatmaps displays results in UTC time instead of local time. Please be aware of this when using this new feature.

  • Components marked for deletion based on Match Score threshold setting are not being removed when re-uploading BDIO through UI.

  • The Purge ONLY Archived Project Version Unmatched Scan File Data and Purge All Unmatched File Data links do not work at both the project (project > Settings tab) and global (Admin > System Settings > Data Retention) levels.

  • If you are using an LDAP directory server to authenticate users, consider the following:

    • Black Duck supports a single LDAP server. Multiple servers are not supported.

    • If a user is removed from the directory server, Black Duck user account continues to appear as active. However, the credentials are no longer valid and cannot be used to log in.

    • If a group is removed from the directory server, Black Duck group is not removed. Delete the group manually.

  • Tagging only supports letters, numbers, and the plus (+) and underscore (_) characters.

  • If Black Duck is authenticating users, user names are not case sensitive during login. If LDAP user authentication is enabled, user names are case sensitive.

  • If a code location has a large bill of materials, deleting a code location may fail with a user interface timeout error.