Support Black Duck Hub as a snippet scanner

[porsche-rishisaxena]

As ORT is an orchestrator, it should allow to configure BlackDuck as scanner where code snippet can be scanned and result can be stored in ORT backend storage i.e. PostgreSQL

High Level Consideration

1. Analyzer-result.yml generated by running analyzer
2. API call request to BlackDuck transforming .yml meta-data to .json format
3. API response from BlackDuck in .json format
4. scan-result from black-duck stored in ORT backend storage i.e., PostgreSQL
5. scan-result is fed into ORT evaluate to report for generating various output formats such as Web App, and JSON.

[sschuberth]

Also see #3265 and #2819, FYI.

[sschuberth]

Maybe also @JeroenKnoops's BlackDuck GitHub Action is of interest in this context.

[tsteenbe]

@porsche-rishisaxena Can you update this issue to make clear whether BlackDuck means Protex or Hub?

[tsteenbe]

Clarified in ORT developer meeting of July 7th, 2022 - it's Black Duck Hub not the legacy Black Duck Protex IP

[nnobelis]

Hello,

We are in the process of designing a common abstraction to represent the snippets in the ORT model. This abstraction will be submitted to the ORT community.
Our plan is to support FossID and SCANOSS but we would like, if possible, to support also Blackduck.

Could someone provide a sample response of Blackduck (ideally on the Semver4j project), so we can have a look at their data model for snippets ?

[JeroenKnoops]

@nnobelis What kind of format do you require? The SPDX output?