Network requirements

Black Duck requires the following ports to be externally accessible:

  • Port 443 – Web server HTTPS port for Black Duck via NGiNX

  • Port 55436 – Read-only database port from PostgreSQL for reporting

If your corporate security policy requires registration of specific URLs, connectivity from your Black Duck installation to Black Duck Software hosted servers is limited to communications via HTTPS/TCP on port 443 with the following servers:

  • updates.suite.blackducksoftware.com (to register your software)

  • kb.blackducksoftware.com (access Black Duck KB data)

  • https://auth.docker.io/token?scope=repository/blackducksoftware/blackduckregistration/pull&service=registry.docker.io (access to Docker Registry)

  • data.reversinglabs.com and api.reversinglabs.com (if ReversingLabs scanning is enabled)

Note: If you are using a network proxy, these URLs must be configured as destinations in your proxy configuration.

Allow list addresses and IP ranges

Note: HTTPS is used for all traffic to Black Duck. IPs that include a subnet mask (for example, /22 in 103.21.244.0/22) represent a range of IPs, all of which should be allow listed to ensure Black Duck functions as intended.

Ensure that the following addresses and IPs are on the allow list:

Domain IP Address(es)

kb.blackducksoftware.com

34.160.126.173, 34.149.112.69, 34.111.46.24, 35.224.73.200, 35.242.234.51, 35.220.236.106
updates.suite.blackducksoftware.com

35.244.241.173
scass.blackduck.com 35.244.200.22
repo.blackduck.com 34.149.5.115
production.cloudflare.docker.com

173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/13, 104.24.0.0/14, 172.64.0.0/13, 131.0.72.0/22
hub.docker.com

44.219.3.189, 3.224.227.198, 44.193.181.103
docker.io

44.219.3.189, 3.224.227.198, 44.193.181.103
auth.docker.io

34.226.69.105, 54.196.99.49, 3.219.239.5
registry-1.docker.io

54.196.99.49, 3.219.239.5, 34.226.69.105
github.com 140.82.116.4
data.reversinglabs.com

104.18.24.126, 104.18.25.126
api.reversinglabs.com 185.64.132.12

Verifying connectivity

To verify connectivity, use the cURL command as shown in the following example.

curl -v https://kb.blackducksoftware.com
Tip: It's good to check connectivity on the Docker host but it's better to verify the connectivity from within your Docker network.

IPv4 and IPv6 networks

Black Duck supports IPv4 and IPv6 for ingress and egress traffic. However, the internal Black Duck container network requires IPv4 to function properly. Specifically, Black Duck can handle IPv6 for inbound and outbound network traffic from the Black Duck container cluster to NGiNX, but internal traffic within the cluster must use IPv4.