-
Notifications
You must be signed in to change notification settings - Fork 0
/
blackduck.yml
70 lines (63 loc) · 3.05 KB
/
blackduck.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
name: Black Duck
on:
# Run Black Duck on pushes to main branches, and pull requests that are going
# to be merged to main branches.
push:
branches: [ master, main ]
pull_request:
branches: [ master, main ]
# Allow ad-hoc, manual invocations of the Coverity workflow.
workflow_dispatch:
jobs:
build:
# The type of runner that the job will run on - Black Duck can also run on Windows and macOS
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Set up JDK 11 in runtime environment, necessary for running the Detect tool (invoked by the
# detect plugin)
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
- name: Black Duck (Rapid scan)
if: ${{ github.event_name == 'pull_request' }}
uses: synopsys-sig/detect-action@main
# For pull requests, limit the feedback to policy violations newly introduced by code changes
# within the PR. This option will compare the results found in the PR scan to the results found
# in the last central full/intelligent scan, and only report the new violations. This is helpful
# to keep developers focused in their day to day on their code changes and not overwhelm them with
# findings they may not be responsible for.
#
# See https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fconfiguration%2Fblackduck-server.html&_LANG=enus
# and search for COMPARE_MODE for more details.
env:
DETECT_BLACKDUCK_RAPID_COMPARE_MODE: BOM_COMPARE_STRICT
# You can use this option to configure a CA cert if using a self-hosted runner and self-signed
# certificates on your Hub server. This option should point to a file on the local filesystem
# with the CA chain cert
#env:
# NODE_EXTRA_CA_CERTS: ${{ secrets.LOCAL_CA_CERT_PATH }}
with:
scan-mode: RAPID
github-token: ${{ secrets.GITHUB_TOKEN }}
detect-version: 7.12.0
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
- name: Black Duck (Full scan)
if: ${{ github.event_name != 'pull_request' }}
uses: synopsys-sig/detect-action@main
# You can use this option to configure a CA cert if using a self-hosted runner and self-signed
# certificates on your Hub server. This option should point to a file on the local filesystem
# with the CA chain cert
#env:
# NODE_EXTRA_CA_CERTS: ${{ secrets.LOCAL_CA_CERT_PATH }}
with:
scan-mode: INTELLIGENT
github-token: ${{ secrets.GITHUB_TOKEN }}
detect-version: 7.12.0
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}