From 4a84ccf8e0a280496ac9abb15145e1e7d424a6d9 Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Wed, 18 Dec 2024 18:07:23 +0600 Subject: [PATCH] Added black duck security scan action template --- code-scanning/black-duck-security-scan-ci.yml | 34 +++++++++++++++++++ ...lack-duck-security-scan-ci.properties.json | 21 ++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 code-scanning/black-duck-security-scan-ci.yml create mode 100644 code-scanning/properties/black-duck-security-scan-ci.properties.json diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml new file mode 100644 index 0000000..ab8efe5 --- /dev/null +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -0,0 +1,34 @@ +name: CI-Black-Duck-Security-Scan +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@v3 + - name: Black Duck SCA Scan + uses: blackduck-inc/black-duck-security-scan@v2.0.0 + with: + ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- + blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }} + blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }} + + ### ---------- COVERITY SCANNING: REQUIRED FIELDS ---------- + coverity_url: ${{ vars.COVERITY_URL }} + coverity_user: ${{ secrets.COVERITY_USER }} + coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} + + ### ---------- POLARIS SCANNING: REQUIRED FIELDS ---------- + polaris_server_url: ${{ vars.POLARIS_SERVER_URL }} + polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }} + polaris_assessment_types: "SCA,SAST" + + ### ---------- SRM SCANNING: REQUIRED FIELDS ---------- + srm_url: ${{ vars.SRM_URL }} + srm_apikey: ${{ secrets.SRM_API_KEY }} + srm_assessment_types: "SCA,SAST" \ No newline at end of file diff --git a/code-scanning/properties/black-duck-security-scan-ci.properties.json b/code-scanning/properties/black-duck-security-scan-ci.properties.json new file mode 100644 index 0000000..8376dbb --- /dev/null +++ b/code-scanning/properties/black-duck-security-scan-ci.properties.json @@ -0,0 +1,21 @@ +{ + "name": "Black Duck Security Scan Workflow", + "description": "The Black Duck Security Scan GitHub Action allows you to configure your pipeline to run Black Duck Security Scan and take action on the security results", + "iconName": "black-duck-icon.png", + "categories": [ + "Code Scanning", + "C", + "C++", + "C#", + "Go", + "Java", + "JavaScript", + "Ruby", + "PHP", + "Swift", + "Kotlin", + "Python", + "VB.NET", + "Objective C" + ] +} \ No newline at end of file