From 4f4ef4e030aab6e921ab9cc50856e611c5694ba9 Mon Sep 17 00:00:00 2001 From: lsynopsys <106822263+lsynopsys@users.noreply.github.com> Date: Fri, 22 Dec 2023 23:41:56 +0530 Subject: [PATCH] Synopsys Action's starter workflow (#2234) * Synopsys action starter workflow * Synopsys action - Address review comments * Synopsys action - Address review comments 2 * Addressed review comments * Fixed review comments * Parameter changes accommodation --------- Co-authored-by: kishorikumar <104522232+kishorikumar@users.noreply.github.com> Co-authored-by: Alexis Abril --- .../synopsys-action.properties.json | 7 + code-scanning/synopsys-action.yml | 41 +++ icons/synopsys-action.svg | 271 ++++++++++++++++++ 3 files changed, 319 insertions(+) create mode 100644 code-scanning/properties/synopsys-action.properties.json create mode 100644 code-scanning/synopsys-action.yml create mode 100644 icons/synopsys-action.svg diff --git a/code-scanning/properties/synopsys-action.properties.json b/code-scanning/properties/synopsys-action.properties.json new file mode 100644 index 0000000..3b40d8b --- /dev/null +++ b/code-scanning/properties/synopsys-action.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Synopsys Action", + "creator": "Synopsys", + "description": "The Synopsys GitHub Action allows you to configure your pipeline to run Synopsys security testing and take action on the security results", + "iconName": "synopsys-action", + "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "VB.NET", "Objective C"] +} diff --git a/code-scanning/synopsys-action.yml b/code-scanning/synopsys-action.yml new file mode 100644 index 0000000..78855d6 --- /dev/null +++ b/code-scanning/synopsys-action.yml @@ -0,0 +1,41 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +name: Synopsys Security Testing + +on: + push: + # At this time, it is recommended to run Polaris only on pushes to main branches + # Pull request analysis will be supported by Polaris in the future + branches: [ $default-branch, $protected-branches ] + + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Synopsys Action + uses: synopsys-sig/synopsys-action@v1.6.0 + with: + #------------------------------------------COVERITY----------------------------------------- + coverity_url: ${{ secrets.COVERITY_URL }} + coverity_user: ${{ secrets.COVERITY_USER }} + coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} + + #------------------------------------------BLACKDUCK---------------------------------------- + blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }} + blackduck_url: ${{ secrets.BLACKDUCK_URL }} + + #------------------------------------------POLARIS------------------------------------------ + polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }} + polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }} + polaris_assessment_types: "SCA,SAST" + + diff --git a/icons/synopsys-action.svg b/icons/synopsys-action.svg new file mode 100644 index 0000000..7e6e579 --- /dev/null +++ b/icons/synopsys-action.svg @@ -0,0 +1,271 @@ + + + + + + + + + + + +