forked from blackducksoftware/detect
-
Notifications
You must be signed in to change notification settings - Fork 0
68 lines (62 loc) · 2.93 KB
/
detect-scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Black Duck
# Run Rapid Scan on all pull requests and pushes to a main branch
on:
# Run Black Duck on pushes to main branches, and pull requests that are going
# to be merged to main branches.
push:
branches: [ master, main ]
pull_request:
branches: [ master, main ]
# Allow ad-hoc, manual invocations of the Coverity workflow.
workflow_dispatch:
jobs:
build:
# The type of runner that the job will run on - Black Duck can also run on Windows and macOS
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Set up JDK 11 in runtime environment, necessary for running the Detect tool (invoked by the
# detect plugin)
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
- name: Black Duck (Rapid scan)
if: ${{ github.event_name == 'pull_request' }}
uses: synopsys-sig/detect-action@main
# For pull requests, limit the feedback to policy violations newly introduced by code changes
# within the PR. This option will compare the results found in the PR scan to the results found
# in the last central full/intelligent scan, and only report the new violations. This is helpful
# to keep developers focused in their day to day on their code changes and not overwhelm them with
# findings they may not be responsible for.
env:
DETECT_BLACKDUCK_RAPID_COMPARE_MODE: BOM_COMPARE_STRICT
NODE_TLS_REJECT_UNAUTHORIZED: 0
# You can use this option to configure a CA cert if using a self-hosted runner and self-signed
# certificates on your Hub server. This option should point to a file on the local filesystem
# with the CA chain cert
#env:
# NODE_EXTRA_CA_CERTS: ${{ secrets.LOCAL_CA_CERT_PATH }}
with:
scan-mode: RAPID
github-token: ${{ secrets.GITHUB_TOKEN }}
detect-version: 7.14.0
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
- name: Black Duck (Full scan)
if: ${{ github.event_name != 'pull_request' }}
uses: synopsys-sig/detect-action@main
# You can use this option to configure a CA cert if using a self-hosted runner and self-signed
# certificates on your Hub server. This option should point to a file on the local filesystem
# with the CA chain cert
#env:
# NODE_EXTRA_CA_CERTS: ${{ secrets.LOCAL_CA_CERT_PATH }}
with:
scan-mode: INTELLIGENT
github-token: ${{ secrets.GITHUB_TOKEN }}
detect-version: 7.14.0
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}