Merged
10 changes: 6 additions & 4 deletions content/manuals/dhi/explore/scanner-integrations.md
@@ -1,7 +1,7 @@
---
title: Scanner integrations
description: Learn which vulnerability scanners work with Docker Hardened Images and how to choose the right scanner for accurate vulnerability assessment.
keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, mend.io, container security scanners
keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, mend.io, black duck, container security scanners
weight: 40
---
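Review bot: The updated keywords line adds "black duck" but still omits "wiz", although Wiz is named alongside the other VEX-enabled scanners in the body lists later in this file ("Docker Scout, Trivy, Grype, Wiz, Mend.io, Black Duck"). Since this line is being edited anyway, consider adding "wiz" so the front matter matches the scanners the page covers.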

Expand All @@ -26,6 +26,8 @@ Hardened Images to deliver more accurate vulnerability assessments:
- [Mend.io](https://www.mend.io/): Automatically retrieves and applies VEX
statements with zero configuration. Combines VEX data with reachability
analysis.
- [Black Duck](https://www.blackduck.com/): Identifies Docker Hardened Images
and applies VEX statements with zero configuration.

For step-by-step instructions, see [Scan Docker Hardened Images](/manuals/dhi/how-to/scan.md).
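Review bot: The new Black Duck bullet says it "Identifies Docker Hardened Images and applies VEX statements", while the Mend.io bullet just above says the statements are automatically retrieved, and the scan.md list in this PR says "Automatically applies VEX statements". State here whether Black Duck retrieves the VEX attestations itself, and use the same wording in both files so readers don't infer a behavioural difference that isn't intended.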

Expand Down Expand Up @@ -66,8 +68,8 @@ from Docker Hardened Images offer the following benefits:
aren't flagged; security teams and compliance officers can review the reasoning
rather than trusting a vendor's black box.
- Scanner flexibility: Switch between any VEX-enabled scanner (Docker Scout,
Trivy, Grype, Wiz, Mend.io, etc.) without losing vulnerability context or
rebuilding exclusion lists.
Trivy, Grype, Wiz, Mend.io, Black Duck, etc.) without losing vulnerability
context or rebuilding exclusion lists.
- Consistent results: VEX-enabled scanners interpret the same data the
same way, eliminating discrepancies between tools.
- Faster workflows: Focus on real risks rather than researching why reported
Expand Down Expand Up @@ -99,7 +101,7 @@ The image includes signed attestations that explain which vulnerabilities don't
apply and why. Any VEX-enabled scanner can read these attestations, giving you:

- Tool flexibility: Use any scanner that supports OpenVEX (Docker Scout,
Trivy, Grype, Wiz, Mend.io, etc.)
Trivy, Grype, Wiz, Mend.io, Black Duck, etc.)
- Complete transparency: Review the exact reasoning for each vulnerability
assessment
- Full auditability: Security teams and compliance officers can independently
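Review bot: Adding Black Duck to the "any scanner that supports OpenVEX" list asserts OpenVEX support specifically, but every other line this PR adds about Black Duck says only "VEX statements". Please confirm that Black Duck consumes the OpenVEX attestations described here, or reword this bullet to refer to a "VEX-enabled scanner" as the earlier "Scanner flexibility" bullet does.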
14 changes: 12 additions & 2 deletions content/manuals/dhi/how-to/scan.md
@@ -1,8 +1,8 @@
---
title: Scan Docker Hardened Images
linktitle: Scan an image
description: Learn how to scan Docker Hardened Images for known vulnerabilities using Docker Scout, Grype, Trivy, Wiz, or Mend.io.
keywords: scan container image, docker scout cves, grype scanner, trivy container scanner, mend.io, vex attestation
description: Learn how to scan Docker Hardened Images for known vulnerabilities using Docker Scout, Grype, Trivy, Wiz, Mend.io, or Black Duck.
keywords: scan container image, docker scout cves, grype scanner, trivy container scanner, mend.io, black duck, vex attestation
weight: 46
---

Expand All @@ -23,6 +23,8 @@ read and apply the VEX statements included with Docker Hardened Images:
zero configuration
- [Mend.io](#mendio): Automatically applies VEX statements with
zero configuration
- [Black Duck](#black-duck): Automatically applies VEX statements with
zero configuration

For guidance on choosing the right scanner and understanding the differences
between VEX-enabled and non-VEX scanners, see [Scanner
Expand Down Expand Up @@ -401,6 +403,14 @@ as Not Affected, Fixed, or Under Investigation.
For more information, see the [Mend.io Docker Hardened Images
documentation](https://docs.mend.io/platform/latest/docker-hardened-images).

## Black Duck

[Black Duck](https://www.blackduck.com/) identifies Docker Hardened Images and
applies their VEX statements without additional configuration.

For more information, see the [Black Duck
documentation](https://documentation.blackduck.com/bundle/bd-hub/page/Reporting/vexReport_global.html).

## Export VEX attestations

For scanners that need local VEX files (like Grype or Trivy with local files),
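Review bot: The new "Black Duck" section gives readers no way to confirm that VEX was actually applied, and its only reference is a page whose path is Reporting/vexReport_global.html, which reads as VEX report documentation rather than a Docker Hardened Images page like the one linked for Mend.io just above. Consider linking a DHI-specific page if one exists and adding a sentence on how suppressed findings appear in results, similar to the statuses mentioned at the end of the Mend.io section.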
1 change: 1 addition & 0 deletions content/manuals/dhi/resources.md
Expand Up @@ -19,6 +19,7 @@ features, and announcements:

| Date published | Title |
|------|-------|
| May 5, 2026 | [Precision Container Security with Docker and Black Duck](https://www.docker.com/blog/precision-container-security-with-docker-and-black-duck/) |
| April 14, 2026 | [Why We Chose the Harder Path: Docker Hardened Images, One Year Later](https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/) |
| April 8, 2026 | [Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io](https://www.docker.com/blog/reclaim-developer-hours-through-smarter-vulnerability-prioritization-with-docker-and-mend-io/) |
| March 3, 2026 | [Announcing Docker Hardened System Packages](https://www.docker.com/blog/announcing-docker-hardened-system-packages/) |