Skip to content
CI-Polaris

Sigint 2349 2 #636

Sign in to view logs

Sigint 2349 2

Sigint 2349 2 #636

Workflow file for this run

.github/workflows/polaris.yml at 5f68e14
name: CI-Polaris
on:
push:
branches: [ main, master, develop, stage, release ]
pull_request:
branches: [ main, master, develop, stage, release ]
workflow_dispatch:
jobs:
polaris-scan:
runs-on: [ self-hosted, macOS, lokesh ]
steps:
- name: Checkout Source
uses: actions/checkout@v3
- name: Polaris Full Scan
if: ${{ github.event_name != 'pull_request' }}
uses: blackduck-inc/black-duck-security-scan@main
with:
polaris_server_url: ${{ secrets.POLARIS_SERVERURL }}
polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
polaris_application_name: integrations
polaris_project_name: synopsys-action
polaris_assessment_types: "SCA,SAST"
bridgecli_download_url: https://artifactory.internal.synopsys.com/artifactory/clops-local/clops.sig.synopsys.com/bridge/binaries/bridge-cli-bundle/latest/bridge-cli-bundle-macos_arm.zip
#polaris_waitForScan: false # Used to support the async mode
# project_directory:
### Uncomment below configuration for source code upload
# polaris_assessment_mode: "SOURCE_UPLOAD"
# project_source_archive: ${{ vars.PROJECT_SOURCE_ARCHIVE }}
# project_source_excludes: ${{ vars.PROJECT_SOURCE_EXCLUDES }} # Accepts Multiple Values
# project_source_preserveSymLinks: true
### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
include_diagnostics: true
### SARIF report generation and upload to GitHub Adavanced Security Tab: Uncomment below to enable
#polaris_reports_sarif_create: true
# polaris_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path (including file name) where SARIF report is created.
# polaris_reports_sarif_severities: "CRITICAL,HIGH"
# polaris_reports_sarif_groupSCAIssues: true
polaris_reports_sarif_issue_types: 'SCA, SAST'
#polaris_upload_sarif_report: true
github_token: ${{ secrets.GITHUB_TOKEN }} # Required when polaris_upload_sarif_report is set as true
### Signature scan
#polaris_test_sca_type: "SCA-SIGNATURE"
### Uncomment below to add arbitrary CL parameters
#detect_search_depth: 2
#detect_args: '--detect.diagnostic=true'
#detect_config_path: '/Users/lokesha/IdeaProjects/central-scm-library-example/scm-library-example-main/src/main/resources/application.properties'
#coverity_build_command: npm run all
# coverity_clean_command: mvn clean
# coverity_config_path: /Users/Config/coverity.yml
#coverity_args: --config-override capture.build.build-command=npm run all
- name: Polaris PR Scan
if: ${{ github.event_name == 'pull_request' }}
uses: blackduck-inc/black-duck-security-scan@main
with:
polaris_server_url: ${{ secrets.POLARIS_SERVERURL }}
polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
polaris_application_name: integrations
polaris_project_name: synopsys-action
polaris_assessment_types: "SCA,SAST"
# project_directory: ${{ vars.PROJECT_DIRECTORY }}
### Uncomment below configuration for source code upload
# polaris_assessment_mode: "SOURCE_UPLOAD"
# project_source_archive: ${{ vars.PROJECT_SOURCE_ARCHIVE }}
# project_source_excludes: ${{ vars.PROJECT_SOURCE_EXCLUDES }} # Accepts Multiple Values
# project_source_preserveSymLinks: true
### Below configuration is used to enable feedback from Polaris security testing as pull request comment
polaris_prComment_enabled: true
polaris_branch_parent_name: main
github_token: ${{ secrets.GITHUB_TOKEN }}
# Mandatory when polaris_prComment_enabled is set to 'true'
### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
include_diagnostics: true