Example of using the Black Duck SDK
Use Case: I’m interested in using the REST APIs to find risk counts for my project 'Application1' version '1.0'.
Step 1: Authentication
You must first authenticate with the Black Duck application. For example, the following curl command shows how to authenticate with the Black Duck application and get a bearer token before making REST API calls:
curl -X POST \
https://<Black Duck server URL>/api/tokens/authenticate \
-H "Accept: application/vnd.blackducksoftware.user-4+json" \
-H "Authorization: token <API token from Black Duck>"
Using the bearer token that is returned when you authenticate, get a list of projects:
curl -X GET \
https://<Black Duck server URL>/api/projects \
-H "Accept: */*" \
-H "Authorization: Bearer <bearer token>"
Step 2: Get the Application1 project
curl -X GET \
"https://<Black Duck server URL>/api/projects?q=name%3AApplication1" \
-H "Accept: */*" \
-H "Authorization: Bearer <bearer token>"
The JSON response includes links to all of the HTTP calls available to you. Notice that you can call “versions” or “canonicalVersion”.
Step 3: Get the Application1 project versions
Get the versions of the Application1 project.
Using the links provided in the JSON response in step 1, I can use the following to get my project versions:
https://<Black Duck server url>/api/projects/4bfe0d5a-6b3d-4d11-8212-6b3b2f7b61b5/versions
The JSON response includes links to all of the HTTP calls available to you. Notice that you can call “riskProfile”.
Step 4: Get the Risk Profile for “1.0” version
Using the links in the JSON response from above I can call the following to get the risk profile:
https://<Black Duck server url>/api/projects/4bfe0d5a-6b3d-4d11-8212-6b3b2f7b61b5/versions/f7838043-f144-4853-9c62-d1c4c49b909f/risk-profile
The JSON response includes all risk counts for Version, Activity, Vulnerability, License, and Operational risk. The user can now use those values for whatever external activity they’d like to do (fail a build, create bug tracking tickets, and so on).
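The four steps above as one script, extended with a build gate on the returned counts. This is an added example, not code from Black Duck: the helper names and the JSON field names (bearerToken, items, name, versionName, _meta.links, categories) are assumptions, since the page does not show the response bodies.

```python
import json
import urllib.parse
import urllib.request

# Assumed response fields (not shown on the page): bearerToken, items, name,
# versionName, _meta.links[].rel/href, categories.

def http_json(url, headers, method="GET"):
    """Default transport: one HTTPS call, JSON body decoded."""
    req = urllib.request.Request(url, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def link(resource, rel):
    """Return the href of the named link in a response item."""
    for entry in resource.get("_meta", {}).get("links", []):
        if entry.get("rel") == rel:
            return entry["href"]
    raise LookupError(f"no {rel!r} link in response")

def risk_counts(base_url, api_token, project, version, fetch=http_json):
    """Steps 1-4: authenticate, find the project, follow links to the risk profile."""
    auth = fetch(f"{base_url}/api/tokens/authenticate",
                 {"Accept": "application/vnd.blackducksoftware.user-4+json",
                  "Authorization": f"token {api_token}"}, "POST")
    headers = {"Accept": "*/*", "Authorization": f"Bearer {auth['bearerToken']}"}
    def get(url):
        # Send the bearer token only to the server that issued it.
        if not url.startswith(base_url + "/"):
            raise ValueError(f"refusing to follow off-server link: {url}")
        return fetch(url, headers)
    query = urllib.parse.quote(f"name:{project}")
    projects = get(f"{base_url}/api/projects?q={query}")["items"]
    # Insist on an exact name match rather than taking the first search hit.
    match = next((p for p in projects if p["name"] == project), None)
    if match is None:
        raise LookupError(f"project {project!r} not found")
    versions = get(link(match, "versions"))["items"]
    wanted = next((v for v in versions if v["versionName"] == version), None)
    if wanted is None:
        raise LookupError(f"version {version!r} not found")
    return get(link(wanted, "riskProfile"))["categories"]

def gate(categories, limits):
    """Return (category, level, count) for every count above its limit."""
    # Direct indexing: a missing key raises instead of passing as zero.
    return [(cat, level, categories[cat][level])
            for (cat, level), allowed in limits.items()
            if categories[cat][level] > allowed]
```

Read the API token from the environment or a secret store rather than from the script, and exit non-zero when gate returns any entries.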