diff --git a/.ci/blackduck_source.sh b/.ci/blackduck_source.sh
index d287491ad..c15dd4015 100755
--- a/.ci/blackduck_source.sh
+++ b/.ci/blackduck_source.sh
@@ -25,7 +25,7 @@ echo "    SRC_PATH: ${PROJECT_SRC_PATH}"
 
 # clone BlackDuck
 [[ -d /tmp/blackduck ]] && rm -rf /tmp/blackduck
-sudo -u swx-jenkins git clone -c core.sshCommand="ssh -i ~/.ssh/id_ed25519" -b master --single-branch --depth=1 ssh://git-nbu.nvidia.com:12023/DevOps/Tools/blackduck /tmp/blackduck
+git clone -c core.sshCommand="ssh -i ~/.ssh/id_ed25519" -b master --single-branch --depth=1 ssh://git-nbu.nvidia.com:12023/DevOps/Tools/blackduck /tmp/blackduck
 cd /tmp/blackduck
 
 # disable check errors
diff --git a/.ci/pipeline/release_jjb.yaml b/.ci/pipeline/release_jjb.yaml
index 51f5220d6..069474007 100644
--- a/.ci/pipeline/release_jjb.yaml
+++ b/.ci/pipeline/release_jjb.yaml
@@ -35,6 +35,10 @@
             name: "do_release"
             default: true
             description: "Release build packges into the release folder, set to false for debugging"
+        - bool:
+            name: "do_blackduck"
+            default: true
+            description: "Run BlackDuck."
         - string:
             name: "notification_email"
             default: "{jjb_release_email}"
diff --git a/.ci/pipeline/release_matrix_job.yaml b/.ci/pipeline/release_matrix_job.yaml
index 5f7d2a93b..b61ddf164 100644
--- a/.ci/pipeline/release_matrix_job.yaml
+++ b/.ci/pipeline/release_matrix_job.yaml
@@ -16,6 +16,9 @@ kubernetes:
       nodeSelector: 'kubernetes.io/arch=amd64'
       jnlpImage: 'harbor.mellanox.com/toolbox/c3po-jnlp:latest'
 
+credentials:
+  - {credentialsId: 'blackduck_api_token', type: 'string', variable: 'BLACKDUCK_API_TOKEN'}
+
 env:
   MAIL_FROM: jenkins@nvidia.com
 
@@ -37,14 +40,36 @@ runs_on_dockers:
       arch: 'x86_64',
       tag: '20250128'
     }
+  - {
+      name: 'blackduck',
+      file: '.ci/dockerfiles/Dockerfile.rhel8.6',
+      category: 'tool',
+      arch: 'x86_64',
+      tag: '20250630',
+      uri: 'vma/$arch/$name/bduck',
+      build_args: '--no-cache --target bduck',
+      runAsUser: '6213',
+      runAsGroup: '101'
+    }
 
 steps:
   - name: Release
-    parallel: false
+    containerSelector:
+      - "{name: 'rhel8.6', variant:1}"
     run: |
       .ci/do_release.sh
     archiveArtifacts: pkg/build_pkg.log,pkg/packages/*.rpm
 
+  - name: Blackduck
+    enable: ${do_blackduck}
+    containerSelector:
+      - "{name: 'blackduck', category:'tool', variant:1}"
+    run: |
+        .ci/blackduck_source.sh
+    archiveArtifacts: 'logs/'
+    credentialsId:
+      - "blackduck_api_token"
+
 pipeline_start:
     shell: action
     module: groovy