> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Black Duck SCA

> Instructions on how to configure API access for Black Duck SCA to fetch open-source component vulnerabilities and license risks.

## Supported Data Models

* [Vulnerability Findings V2](/integrations/v2/vulnerability-findings-v2)
  * type: `dependency`

* [Issues (AppSec)](/integrations/application-security)
  * type: `vulnerability`

* Resources
  * type: `repository`

## Onboarding Black Duck SCA

Follow the steps below to onboard your Black Duck environment to Leen.

<Steps>
  <Step title="Generate an API Token">
    1. Log in to your Black Duck instance.

    2. Click your user avatar in the top-right corner and navigate to **My Profile** → **User Profile**.

    3. Under the **API Tokens** section, click **Generate New Token**.

    4. Give the token a descriptive name (e.g., "Leen Integration") and click **Generate**.

    <Warning>
      Copy and store the token value immediately — it will not be shown again after you close the dialog.
    </Warning>
  </Step>

  <Step title="Ensure Required Permissions">
    The user account associated with the token must have at minimum:

    * **Global Role**: `Read Only` or higher (to list projects, versions, and BOM components)
    * Access to all projects you wish to sync

    <Note>
      A dedicated service account with read-only access to all relevant projects is strongly recommended over a personal user account.
    </Note>
  </Step>

  <Step title="Enter Configuration Parameters in Leen">
    In your Leen integration configuration, provide the following:

    | Parameter      | Description                                                        | Required |
    | -------------- | ------------------------------------------------------------------ | -------- |
    | **Server URL** | Your Black Duck server URL (e.g., `https://blackduck.example.com`) | Yes      |
    | **API Token**  | The API token generated in Step 1.                                 | Yes      |
  </Step>
</Steps>

## Data Synced

The Black Duck SCA integration syncs the following data:

* **Vulnerable BOM Components**: One record per (component, vulnerability) pair across all project versions, including component name/version, CVSS scores, remediation status, and vulnerability identifiers
* **Projects**: Black Duck project metadata used as resource records (deduplicated across versions)

For any additional information about our field mappings or integrations, please contact us.