The User Profile
Before getting started with Black Duck Binary Analysis, you might want to set up your profile. Start by selecting your username, at the upper right-hand corner of the user interface. Then, select My profile.
The user profile page allows you to perform actions such as:
- Set up email notifications.
- Change your password.
- Acquire an API key to access Black Duck Binary Analysis by way of HTTP requests (You can also use standard authentication with your username and password, unless multi-factor authentication is enabled.).
- Set up multi-factor authentication.
Note: From BDBA 2023.6.0 onwards, you cannot re-use your last three passwords.
Configure Timestamps
You can configure timestaps to show local time instead of UTC (default) time by turning on the Display all times using local time instead of UTC toggle switch on the User settings page. This setting affects all timestamps visible in the UI for the current user.
Note that this is the only supported way to configure the time of your timestaps.
Set Up Email Notifications
Black Duck Binary Analysis can send email notifications to provide information about new vulnerabilities affecting a product in any of the groups you are a member of. To set up and configuration email notification:
- From the My profile page, select User settings.
- In the Send notifications drop-down list box, select how often you want to receive notifications. To disable notifications, select Never.
- In the Notification email field, enter the email address where you want the notifications to be sent.
- You can configure notifications to be sent as a POST request to a URL. To do this, enter the URL in the URL for notifications field.
- If you turn on the Send URL to notification content instead of including it in notification toggle switch, the email notification contains only the link to the content.
- Set the notification filters for applications you want to receive vulnerability notifications for. Filtering is done based on the application name (name of uploaded file). The filters are OR type and the application name does not have to match all filters, one is enough. If no filters are set, no filtering is done and notifications will be sent for all applications. Matching is case sensitive and the maximum length of a filter is 255 characters. Unix type wildcards are supported:
- * matches everything
- ? matches any single character
- [seq] matches any character in seq
- [!seq] matches any character not in seq
Filter examples:
MyApp_2.?.?.apk will match MyApp_2.0.0.apk, MyApp_2.9.9.apk will not match MyApp_1.0.0.apk, MyApp_2.1.apk, MyApp_2.1.10.apk *.exe will match applications with the exe extension, for example WindowsApplication.exe, 1.exe Example.dll will only match applications named exactly Example.dll MyBinaries_[123].tar will match MyBinaries_1.tar, MyBinaries_2.tar, MyBinaries_3.tar and nothing else [!XYZ]* will match applications that don't begin with X, Y or Z, for example MyApp_1.2.3.apk, x-file.x, AX-1.tar
You can create as many filters as you want.
- Select Save changes to confirm your changes.
- Click on Test email to check that the email works correctly.
As a Black Duck Binary Analysis cloud user, you can also subscribe to technical notifications. These notifications contain information about upcoming API changes, maintenance breaks, and related technical matters. To subscribe to technical notifications:
- From the User settings page, turn on the Subscribe to technical notifications toggle switch.
Set Up Multi-Factor Authentication
You can activate multi-factor authentication using a third-party vendor.
- From the My profile page, select Authentication.
- Turn on the Enable MFA toggle switch under Multi-Factor authentication.
- Black Duck Binary Analysis generates a hex-encoded key in the key field. This becomes the public key for authentication when you log into Black Duck Binary Analysis. Black Duck Binary Analysis will also generate a QR code to simplify the process of transferring the key to another device (such as a phone) to set up the two-factor authentication.
- Provide the key (the QR code) to the service you are using for two-factor authentication. That service can use the public key to provide access tokens that will work with your account.
- Enter the code from your selected service into the code field and select Confirm.
- You are required to log in with the multi-factor authentication code to confirm the device. Multi-factor authentication will also be required the next time you log in.
Note:
- When multi-factor authentication is enabled, your account cannot access the API by way of your username and password. Instead, you must authenticate with an API key, which you can enable from the Authentication settings page.
- You can disable multi-factor authentication for your account by turning off the Enable MFA toggle switch on the Authentication settings page. To additionally remove the confirmed device, select Remove device.
- A power-user can disable multi-factor authentication for other users. Go to Home > Manage users. Then select Edit next to the user you want to change. On the User profile page, select Disable MFA.