Files
starter-workflows/code-scanning/black-duck-security-scan-ci.yml
T

55 lines
2.0 KiB
YAML
Raw Normal View History

2025-01-30 13:48:02 +06:00
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
2025-02-10 11:43:15 +06:00
# Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines.
2025-01-30 13:48:02 +06:00
# For more information about configuring your workflow,
# read our documentation at https://github.com/blackduck-inc/black-duck-security-scan
2025-02-05 13:47:33 +06:00
name: CI Black Duck security scan
on:
push:
2025-02-05 13:47:33 +06:00
branches: [ $default-branch, $protected-branches ]
pull_request:
2025-02-05 13:47:33 +06:00
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
2025-02-05 13:47:33 +06:00
schedule:
- cron: $cron-weekly
2025-02-10 11:43:15 +06:00
jobs:
build:
runs-on: ubuntu-latest
2025-02-05 13:47:33 +06:00
permissions:
contents: read
pull-requests: write
security-events: write
actions: read
steps:
2025-02-05 13:47:33 +06:00
- name: Checkout source
2025-02-07 14:47:21 +06:00
uses: actions/checkout@v4
2025-02-05 13:47:33 +06:00
- name: Black Duck SCA scan
2025-02-10 11:43:15 +06:00
uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9
with:
### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ----------
blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }}
blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }}
### ---------- COVERITY SCANNING: REQUIRED FIELDS ----------
coverity_url: ${{ vars.COVERITY_URL }}
coverity_user: ${{ secrets.COVERITY_USER }}
coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
### ---------- POLARIS SCANNING: REQUIRED FIELDS ----------
polaris_server_url: ${{ vars.POLARIS_SERVER_URL }}
polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
polaris_assessment_types: "SCA,SAST"
2025-02-10 11:43:15 +06:00
### ---------- SRM SCANNING: REQUIRED FIELDS ----------
srm_url: ${{ vars.SRM_URL }}
srm_apikey: ${{ secrets.SRM_API_KEY }}
2025-01-30 13:48:02 +06:00
srm_assessment_types: "SCA,SAST"
2025-02-10 11:43:15 +06:00