Skip to content

Merge pull request #78 from cap-js/SDMEXT-790/UpdateChangeLogRel1.2.2 #81

Merge pull request #78 from cap-js/SDMEXT-790/UpdateChangeLogRel1.2.2

Merge pull request #78 from cap-js/SDMEXT-790/UpdateChangeLogRel1.2.2 #81

Workflow file for this run

name: Blackduck analysis
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types: [opened, synchronize, reopened]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarQube to decorate PRs with analysis results
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: npm install
run: |
npm install
curl --silent -O https://detect.synopsys.com/detect9.sh
- name: Run & analyze BlackDuck Scan
run: |
bash ./detect9.sh \
--logging.level.com.synopsys.integration=DEBUG \
--blackduck.url="https://sap.blackducksoftware.com" \
--blackduck.api.token=""${{ secrets.BLACKDUCK_TOKEN }}"" \
--detect.blackduck.signature.scanner.arguments="--min-scan-interval=0" \
--detect.npm.arguments \
--detect.latest.release.version="9.6.0" \
--detect.project.version.distribution="SaaS" \
--detect.blackduck.signature.scanner.memory=4096 \
--detect.timeout=6000 \
--blackduck.trust.cert=true \
--detect.project.user.groups="SAP_DOC_MGMT_CAP_NODEJS 1.0" \
--detect.project.name="SAP_DOC_MGMT_CAP_NODEJS 1.0" \
--detect.project.version.name="1.0" \
--detect.code.location.name="SAP_DOC_MGMT_CAP_NODEJS 1.0/1.0" \
--detect.source.path="/home/runner/work/sdm/sdm"