docs(website): Add a section for the new BlackDuck advisor

Signed-off-by: Frank Viernau <[email protected]>
oss-review-toolkit · Dec 23, 2024 · 16a625a · 16a625a
1 parent ecee57c
commit 16a625a
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/website/docs/tools/advisor.md b/website/docs/tools/advisor.md
@@ -14,6 +14,25 @@ The providers require specific configuration in the [ORT configuration file](htt
 When executing the advisor, the providers to enable are selected with the `--advisors` option (or its short alias `-a`); here a comma-separated list with provider IDs is expected.
 The following sections describe the providers supported by the advisor:
 
+# Black Duck
+
+This vulnerability provider obtains information about security vulnerabilities from the Black Duck instance specified
+in the configuration. The configuration is mandatory, because authentication is required.
+The implementation is in *experimental* state. Initial experiments indicate that it works with the ecosystems
+crate, gem, hackage, maven, npm, nuget, pod, pub, and pypi, see https://github.com/oss-review-toolkit/ort/issues/9638.
+
+```yaml
+ort:
+  advisor:
+    config:
+      BlackDuck:
+        options:
+          serverUrl: 'server-url'
+          apiToken: 'token'
+```
+
+To enable this provider, pass `-a BlackDuck` on the command line.
+
 ## OSS Index
 
 This vulnerability provider does not require any further configuration as it uses the public service at https://ossindex.sonatype.org/.