{"id":6548,"library":"blackduck","title":"Black Duck Python API Client","description":"The `blackduck` library provides Python bindings for interacting with the Synopsys Black Duck Hub REST API. It allows users to automate tasks such as fetching project information, managing vulnerabilities, and integrating with Black Duck's security and compliance features. The current version is 1.1.3, released on April 19, 2024. While functionally stable, the project's release cadence appears to be slow, with no new PyPI versions in the past two years, suggesting a maintenance-focused status.","status":"maintenance","version":"1.1.3","language":"en","source_language":"en","source_url":"https://github.com/blackducksoftware/hub-rest-api-python","tags":["API client","security","SCA","Black Duck","Synopsys"],"install":[{"cmd":"pip install blackduck","lang":"bash","label":"Install stable version"},{"cmd":"pip install blackduck[mcp]","lang":"bash","label":"Install with Model Context Protocol (MCP) support"}],"dependencies":[{"reason":"HTTP client for API communication.","package":"requests","optional":false},{"reason":"Utility for parsing and manipulating dates and times.","package":"python-dateutil","optional":false},{"reason":"Optional dependency for Model Context Protocol (MCP) integration.","package":"fastmcp","optional":true}],"imports":[{"note":"The `HubInstance` class is deprecated and does not support pagination introduced in Black Duck v2022.2. The `Client` class is the recommended and actively maintained interface.","wrong":"from blackduck.HubRestApi import HubInstance","symbol":"Client","correct":"from blackduck import Client"}],"quickstart":{"code":"import os\nfrom blackduck import Client\nimport logging\n\nlogging.basicConfig(\n    level=logging.INFO,\n    format=\"[%(asctime)s] {%(module)s:%(lineno)d} %(levelname)s - %(message)s\"\n)\n\n# Ensure BLACKDUCK_URL and BLACKDUCK_TOKEN environment variables are set\nbd_url = os.environ.get('BLACKDUCK_URL', '')\nbd_token = os.environ.get('BLACKDUCK_TOKEN', '')\n\nif not bd_url or not bd_token:\n    print(\"Error: BLACKDUCK_URL and BLACKDUCK_TOKEN environment variables must be set.\")\n    # In a real application, you might raise an exception or exit\n    exit(1)\n\ntry:\n    # Initialize the Black Duck Client\n    bd = Client(\n        token=bd_token,\n        base_url=bd_url,\n        # verify=False # Uncomment to disable TLS certificate verification (use with caution)\n    )\n\n    print(f\"Successfully connected to Black Duck at {bd_url}\")\n    print(\"Listing first 5 projects:\")\n\n    # Fetch and print project names (Client handles pagination automatically)\n    projects = bd.get_resource(name='projects', limit=5)\n    for project in projects:\n        print(f\"- {project.get('name')}\")\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the `Client` and fetch a list of projects. It expects `BLACKDUCK_URL` and `BLACKDUCK_TOKEN` to be set as environment variables for secure authentication. The `Client` automatically handles API pagination."},"warnings":[{"fix":"Migrate all API interactions to use the `Client` class, which correctly handles pagination.","message":"The `HubInstance` interface, used in older versions, will break when connecting to Black Duck instances running v2022.2 or later due to the introduction of a max page size in the REST API. It does not provide automatic paging support.","severity":"breaking","affected_versions":"<1.0.0 (or any usage of HubInstance)"},{"fix":"Switch to using the `blackduck.Client` class for all new and existing integrations.","message":"The `HubInstance` interface is deprecated and no longer maintained. Examples using it are not guaranteed to work and any related issues will be closed as 'Won't Fix'.","severity":"deprecated","affected_versions":"All versions, but functionally broken from Black Duck v2022.2+"},{"fix":"Configure Black Duck URL and API token via environment variables `BLACKDUCK_URL` and `BLACKDUCK_TOKEN` respectively, and ensure the `Client` is initialized using these values.","message":"While some examples or older scripts might use a `.restconfig.json` file for configuration (e.g., `baseurl`, `api_token`), it is generally recommended to use environment variables (`BLACKDUCK_URL`, `BLACKDUCK_TOKEN`) for consistency and security in automated environments, especially for the `Client` class.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Monitor the GitHub repository for activity and upcoming releases (v1.1.4 has been mentioned). Exercise caution regarding the responsiveness to new issues or feature requests if the release cadence remains slow.","message":"Despite version 1.1.3 being released on April 19, 2024, the PyPI package has not seen further updates in the last two years (as of April 15, 2026). Snyk reports the maintenance status as 'Inactive', suggesting a potentially low attention from maintainers for new releases, although the GitHub repository shows some recent activity and an upcoming v1.1.4.","severity":"gotcha","affected_versions":"1.1.3 and older"},{"fix":"Consult Black Duck Detect's Python support documentation. Ensure Python, pip executables, and `requirements.txt`/`pyproject.toml` files are correctly identified and that Detect is run within the appropriate virtual environment if applicable.","message":"When integrating with Black Duck Detect (a separate scanning tool, often used in conjunction with this library), ensure that Python environments (e.g., virtualenvs) and package managers (pip, pipenv, poetry) are correctly configured and accessible by Detect. Incorrect setup can lead to incomplete or no results for Python project scans.","severity":"gotcha","affected_versions":"All versions (when used with Black Duck Detect)"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}