Black Duck with Gitlab-CI runner


I'm trying to integrate BlackDuck into a gitlab ci script. Running OpenJDK on Alpine 3.9.2.

I get the following error in the logs

2019-10-14 15:19:00 ERROR [main] --- Scanning target /code/sre-web-portal failed: There was a problem scanning target '/code/sre-web-portal': Could not find the 'jre' directory in /root/blackduck/tools.
2019-10-14 15:19:00 INFO  [main] --- Signature scanner actions finished.

and the scan exits with

 --- Exiting with code 6 - FAILURE_SCAN

Has anyone had this error, or successfully configured a blackduck scan to run in gitlab-ci?

Command that's being run:

bash <(curl -s -L https://detect.synopsys.com/detect.sh) --detect.project.version.name=1 --blackduck.trust.cert=true --proxy-insecure --detect.blackduck.signature.scanner.dry.run=true --blackduck.offline.mode=true --detect.tools.excluded=BINARY_SCAN

I have tried setting the BDS_JAVA_HOME environment variable and it still fails with

--- Exiting with code 6 - FAILURE_SCAN

There are 1 answers

jasie

The cause of your problem is that the required 'Signature Scanner' tool is still missing.

Your command tells me you were running the scan in offline mode.
This means you have two options to solve this problem:

  1. Either download and install the Signature Scanner tool manually (see https://testing.blackduck.synopsys.com/doc/componentdiscovery/downloadandinstall.htm) and set the --detect.blackduck.signature.scanner.local.path= option for the scan.
  2. Or run the scan in online mode once, as the tool is automatically downloaded and installed only after first establishing a connection to the BlackDuck server. (You can switch back to offline mode after that.)

Credits go to this synopsys community article.
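
A pre-flight check for option 1, as an added example that is not part of the original answer or of Black Duck's own tooling: before the offline scan starts, it confirms that the directory handed to --detect.blackduck.signature.scanner.local.path really contains the 'jre' directory the error message reports as missing. The function names, the one-level search of subdirectories and the example path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: fail the CI job early, with a clear message, when the
# manually installed Signature Scanner is not where the scan expects it.
# The only layout fact used is the one from the error in the question:
# the scanner directory must contain a 'jre' subdirectory.

# Print the scanner directory found at $1 or one level below it.
# Searching one level down is an assumption, made to cover an archive that
# unpacks into its own subdirectory.
find_scanner_dir() {
    fsd_root=$1
    if [ ! -d "$fsd_root" ]; then
        return 1
    fi
    if [ -d "$fsd_root/jre" ]; then
        printf '%s\n' "$fsd_root"
        return 0
    fi
    for fsd_sub in "$fsd_root"/*/; do
        if [ -d "${fsd_sub}jre" ]; then
            printf '%s\n' "${fsd_sub%/}"
            return 0
        fi
    done
    return 1
}

# Print the command-line option for the scan, or explain why the scan
# would fail and return non-zero so the job stops here.
scanner_option() {
    so_dir=$(find_scanner_dir "$1") || {
        echo "No Signature Scanner with a 'jre' directory under '$1'." >&2
        echo "Install it manually, or run one online scan first." >&2
        return 1
    }
    printf '%s%s\n' '--detect.blackduck.signature.scanner.local.path=' "$so_dir"
}

# Usage in the CI script (the path is a constructed example):
#   opt=$(scanner_option /opt/blackduck/scanner) || exit 1
#   ...then append "$opt" to the offline scan command from the question.
```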