# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. # For more information about configuring your workflow, # read our documentation at https://github.com/blackduck-inc/black-duck-security-scan name: CI Black Duck security scan on: push: branches: [ $default-branch, $protected-branches ] pull_request: # The branches below must be a subset of the branches above branches: [ $default-branch ] schedule: - cron: $cron-weekly jobs: build: runs-on: ubuntu-latest permissions: contents: read pull-requests: write security-events: write actions: read steps: - name: Checkout source uses: actions/checkout@v4 - name: Black Duck SCA scan uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 with: ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }} blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }} ### ---------- COVERITY SCANNING: REQUIRED FIELDS ---------- coverity_url: ${{ vars.COVERITY_URL }} coverity_user: ${{ secrets.COVERITY_USER }} coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} ### ---------- POLARIS SCANNING: REQUIRED FIELDS ---------- polaris_server_url: ${{ vars.POLARIS_SERVER_URL }} polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }} polaris_assessment_types: "SCA,SAST" ### ---------- SRM SCANNING: REQUIRED FIELDS ---------- srm_url: ${{ vars.SRM_URL }} srm_apikey: ${{ secrets.SRM_API_KEY }} srm_assessment_types: "SCA,SAST"