DevOps Integrations

Automate Open Source Management In Your Development Environment

Agile development relies on automated development and testing to accelerate time to market and improve product quality. Black Duck helps you ensure your applications are free of open source vulnerabilities and comply with open source license and use policies as part of your automated DevOps framework. With easy-to-use open source integrations for the most popular development tools, and REST APIs that allow you to build your own integrations for virtually any commercial or custom development environment, you can be agile, secure, and compliant.

IDE Integrations

With Black Duck IDE integrations you can discover open source security gaps as you code via Black Duck's source file scanning. These plugins automatically scan as you pull open source components into your code, allowing you to look up component security information and take remediation steps even before you check in your code.

Black Duck Microsoft Visual Studio Integration

Microsoft Visual Studio

Download from GitHub

Black Duck Eclipse Integration


Download from Eclipse

Continuous Integration (CI) Tool Integrations

Black Duck CI integrations allow you to configure and automate scanning as part of your CI build process. Scan results are visible within both Black Duck and CI user interfaces, and open source application security, license, and use policies defined in Black Duck can be configured to show alerts within the CI tool or fail a build, allowing you to configure enforcement based on project type and build phase.

Black Duck Jenkins Integration


Download from GitHub

Black Duck TeamCity Integration


Download from GitHub

Black Duck Atlassian Bamboo Integration


Download from GitHub

Black Duck Microsoft Team Foundation Server Integration


Download from GitHub

Travis CI Integration

Travis CI

Download from GitHub

Black Duck CircleCI Integration


Download from GitHub

Black Duck GitLab Integration

GitLab CI

Download from GitHub

Black Duck Team Services Integration

Team Services

Download from GitHub

Black Duck GitLab Integration


Learn More

Black Duck GitLab Integration

AWS CodeBuild

Learn More

Black Duck GitLab Integration


Learn More

Package Managers and Build Tools

With Black Duck Detect, you can augment open source discovery and binary file scanning with dependency information obtained from the build environment itself. Black Duck Detect automates the collection and reporting of project dependencies to Black Duck, combining data from both sources into a highly complete and accurate open source bill of materials (BOM).

Black Duck Detect

Bug & Issue Tracking Integrations

Black Duck bug & issue tracking integrations allow you to generate, track, and manage issues (a.k.a. “tickets”) related to Black Duck policy violations and security alerts, natively in the systems you already use to manage your development and testing work.

Black Duck Atlassian Jira Integration

Atlassian Jira

Download from GitHub

Binary Repository Integrations

Black Duck binary repository integrations help you ensure that the code artifacts your developers are using comply with open source use policies and are free from known vulnerabilities. These plugins scan artifacts already in the repository as well as those being added, preventing non-compliant artifacts from entering or propagating. In addition, Black Duck's vulnerability & policy monitoring will alert you when new security risks or policies affect artifacts in the repository.

Black Duck JFrog Artifactory Integration

JFrog Artifactory

Download from GitHub

Black Duck Nexus Integration


Download from GitHub

Application Security Suite Integrations

Black Duck's application security suite integrations give users a “single pane of glass” view of application vulnerabilities across both the custom code and open source components that make up their applications. This integrated view of open source vulnerabilities with static (SAST) testing results helps teams prioritize and track remediation efforts across the entire application codebase.

IBM AppScan Integration

IBM AppScan

Learn More



Learn More

Black Duck ThreadFix Integration


Available from ThreadFix

Container Platform Integrations

Docker containers are revolutionizing the way applications are packaged and deployed. Containers make continuous integration & delivery (CI/CD) of applications easier for development teams, but they also make application security and compliance management more challenging for operations teams. Black Duck container platform integrations help you ensure that your containers are free of open source vulnerabilities and comply with open source policies before, during, and after deployment.

Black Duck Red Hat OpenShift Container Platform


Learn More

Black Duck Red Hat Enterprise Linux Atomic Host Integration

RHEL Atomic Host

Download from GitHub

Black Duck Pivotal Integration

Pivotal Cloud Foundry

Learn More

Black Duck Docker Integration


Built In!

Black Duck Application Programming Interfaces

In addition to the pre-built integrations, you can also develop your own custom integrations with Black Duck using a rich set of REST APIs, which support a wide range of configuration, automation, policy management, and alerting capabilities. Documentation and interactive examples are available from the Black Duck user interface.

SPDX Integration

open source community SPDX

The Software Package Data Exchange® (SPDX®) is an evolving standard for communicating the open source content, licenses and copyrights associated with a software package. The purpose of the standard is to help companies in a software supply chain more easily comply with software licensing obligations. 

SPDX provides a uniform approach to documenting and sharing a software bill of materials (BOM), making it more efficient for supply chain partners to communicate. The standard is developed and maintained by the SPDX workgroup of the Linux Foundation and is a critical element of the foundation’s Open Compliance Program.

Learn about the details of the Software Package Data Exchange Specification at

Customize Them. They’re Open Source.

Most Black Duck integrations are provided as open source integrations under the Apache 2.0 open source license. Customize them to meet the specific needs of your environment or use them as a model to create new integrations with your own tools. Have a change that will benefit other users? Contribute your changes back to the community. More information and issue trackers for the current integrations as well as the latest integrations and versions are available on the Black Duck page on GitHub.