Backstage plugins

Black Duck

Created by Deepankumar

Shows Black Duck risk profiles and vulnerability tables on Backstage entity pages, incl. all versions; uses the BlackDuck backend and entity annotations.

Codacy Repo Adder

Created by Codacy

Automatically adds new GitHub/GitLab/Bitbucket repos to Codacy during Backstage scaffolding via the codacy:add-repo action, using your Codacy API key.

Dependencytrack

Created by TRIMM

Shows OWASP Dependency-Track metrics and findings in Backstage via summary and findings cards, using project-id annotations and a proxied API.

Mend.io

Created by Mend.io

Integrates Mend.io into Backstage to visualize projects and security findings with stats, multi-select filters, and repo URL-based drill-down in overviews

Security Insights

Created by Roadie

Displays GitHub vulnerabilities and Dependabot alerts on Backstage entity pages, with filtering, search, and overview widgets for vulnerability stats.

Snyk

Created by Snyk

Displays Snyk vulnerabilities in Backstage via an entity tab and overview widget, using org/target/project annotations and a proxy with SNYK_TOKEN.

Sysdig

Created by Sysdig

Displays Sysdig Secure vulnerability and posture reports in Backstage, linked via annotations to Kubernetes runtime, image registry, and pipeline scans.

Wiz

Created by Roadie

Show Wiz security insights in Backstage, surfacing cloud misconfigurations, risks, and compliance findings directly for catalog entities.