Closed Kysometlak closed 4 years ago
Could you call Docker Inspector from Detect, and get it that way?
Ofc. you can. Issue is the requirement of using extra .jar (detect) just to be able to add user groups to the result.
We use dockerized solutions, as small as possible, without need of downloading anything extra from external sources.
OK, understood. Unfortunately we have to focus our efforts where they are most needed, and for Docker Inspector that means focusing on functions that can't be accomplished every other way (which basically means: Docker image scanning-related functions). Docker Inspector does include rudimentary Black Duck project creation capability, but we currently have no plans to expand it beyond that, and ask users to use Detect if they need more.
Understood. It makes sense that there are far more important thinks to focus on, than this, especially if there is a workaround. Thank you for your comments
It appears that blackduck-docker-inspector is missing a user.groups property to set project user groups for scanned project. Checked documentation and source, it is not implemented as in synopsys-detect.
It is really unfortunate, as we use the user groups for access control in black duck hub (we have huge amount of projects) and docker-inspector seemed to be the most practical way to scan our images.