I would like to set up a Black Duck security scan for our code through Jenkins. However, I'm facing an issue because the Black Duck server and Jenkins are in different Google Cloud Platform (GCP) projects. The Black Duck server is secured by Google Identity-Aware Proxy (IAP), requiring Google credentials for authentication. While I am able to log in to the server using the GUI with my GCP account, I am unable to do the same using Jenkins.
I have attempted the following steps:
Intalled synopsys-detect plugin on Jenkins
Tried configuring blackduck plugin but getting error as IAP is not allowing to establish the connectivity
I am able to generate a JWT token using the command below and get a successful response when using CURL, but I am unable to replicate the same in Jenkins.
gcloud auth print-identity-token --audiences="Client_ID"
curl -H "Authorization: Bearer YOUR_JWT_TOKEN" https://YOUR_IAP-PROTECTED_URL
Can someone help if there is any way to bypass google IAP and run black duck scan ?