Black Duck SCA

Supported Data Models

Follow the steps below to onboard your Black Duck environment to Leen.

Generate an API Token

Log in to your Black Duck instance.
Click your user avatar in the top-right corner and navigate to My Profile → User Profile.
Under the API Tokens section, click Generate New Token.
Give the token a descriptive name (e.g., “Leen Integration”) and click Generate.

Copy and store the token value immediately — it will not be shown again after you close the dialog.

Ensure Required Permissions

The user account associated with the token must have at minimum:

Global Role: Read Only or higher (to list projects, versions, and BOM components)
Access to all projects you wish to sync

A dedicated service account with read-only access to all relevant projects is strongly recommended over a personal user account.

Enter Configuration Parameters in Leen

In your Leen integration configuration, provide the following:

Parameter	Description	Required
Server URL	Your Black Duck server URL (e.g., `https://blackduck.example.com`)	Yes
API Token	The API token generated in Step 1.	Yes

The Black Duck SCA integration syncs the following data:

Vulnerable BOM Components: One record per (component, vulnerability) pair across all project versions, including component name/version, CVSS scores, remediation status, and vulnerability identifiers
Projects: Black Duck project metadata used as resource records (deduplicated across versions)

For any additional information about our field mappings or integrations, please contact us.