CI - Security - SCA Scan - BlackDuck #861

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/blackduck.yml at aa86f85

	name: CI - Security - SCA Scan - BlackDuck

	on:
	push:
	branches: [ main, master, develop, stage, release ]
	pull_request:
	branches: [ main, master, develop, stage, release ]
	pull_request_review:
	types: [submitted, edited]
	workflow_dispatch:
	jobs:
	build:
	runs-on: [ self-hosted, macOS, lokesh ]
	#runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v3
	- name: Black Duck Full Scan
	if: ${{ github.event_name != 'pull_request' }}
	uses: blackduck-inc/black-duck-security-scan@main

	### Use below configuration to set specific detect environment variables
	env:
	DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
	with:
	blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
	blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
	blackducksca_scan_full: true
	bridgecli_install_directory: /Users/lokesha/temp_bridge

	### Accepts Multiple Values
	blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL'
	blackducksca_policy_badges_create: true
	blackducksca_policy_badges_maxCount: 5
	include_diagnostics: true

	### Uncomment below configuration to enable automatic fix pull request creation if vulnerabilities are reported
	blackducksca_fixpr_enabled: true
	#blackduck_fixpr_maxCount: 5
	# blackduck_fixpr_filter_severities: 'CRITICAL,HIGH'
	# blackduck_fixpr_useUpgradeGuidance: 'SHORT_TERM,LONG_TERM'
	github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackduck_fixpr_enabled is set to 'true'

	### SARIF report generation and upload to GitHub Adavanced Security: Uncomment below to enable
	blackduck_reports_sarif_create: true # Create Black Duck SARIF report and upload it as artifact
	# blackduck_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path including file name where SARIF report should be created(need to include file name as well)
	# blackduck_reports_sarif_severities: 'CRITICAL,HIGH'
	# blackduck_reports_sarif_groupSCAIssues: true # By default true
	blackduck_upload_sarif_report: true # Upload Black Duck SARIF report in GitHub Advanced Security tab
	# github_token: ${{ secrets.GITHUB_TOKEN }} # Required when blackduck_upload_sarif_report is set as true

	### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
	# include_diagnostics: true
	- name: Black Duck PR Scan
	if: ${{ github.event_name == 'pull_request' }}
	uses: blackduck-inc/black-duck-security-scan@SIGINT-2531


	### Use below configuration to set specific detect environment variables
	env:
	DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
	with:
	blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
	blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
	blackducksca_scan_full: false
	blackducksca_policy_badges_create: true
	blackducksca_policy_badges_maxCount: 5

	blackducksca_prComment_enabled: true
	#synopsys_bridge_download_version: "2.3.0"

	### Below configuration is used to enable automatic pull request comment based on Black Duck scan result
	#blackduck_prComment_enabled: true
	github_token: ${{ secrets.GITHUB_TOKEN }}
	# Mandatory when blackduck_automation_prcomment is set to 'true'

	### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
	include_diagnostics: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI - Security - SCA Scan - BlackDuck #861

Workflow file

CI - Security - SCA Scan - BlackDuck #861

Jobs

Run details

Workflow file for this run