From feaa180d293324616be64f3632d92fe53b0b6838 Mon Sep 17 00:00:00 2001
From: Christophe Jauffret
Date: Fri, 1 Dec 2023 06:32:56 +0100
Subject: [PATCH] switch to new blackduck action
---
 .github/workflows/synopsys-schedule.yaml | 18 ++++++++++--------
 .github/workflows/synopsys.yaml | 24 ++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/synopsys-schedule.yaml b/.github/workflows/synopsys-schedule.yaml
index cef9e24..1ef8685 100644
--- a/.github/workflows/synopsys-schedule.yaml
+++ b/.github/workflows/synopsys-schedule.yaml
@@ -1,4 +1,4 @@
-name: Black Duck Intelligent Policy Check
+name: Black Duck Daily Policy Check
 on:
 schedule:
 - cron: "0 0 * * *"
@@ -18,11 +18,13 @@ jobs:
 - name: Build Project
 run: make build
- - name: Run Synopsys Detect
- uses: synopsys-sig/detect-action@v0.3.4
+ - name: Black Duck Full Scan
+ uses: synopsys-sig/synopsys-action@v1.5.0
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
 with:
- scan-mode: INTELLIGENT
- github-token: ${{ secrets.GITHUB_TOKEN }}
- detect-version: 8.10.0
- blackduck-url: ${{ secrets.BLACKDUCK_URL }}
- blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: true
+ blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
diff --git a/.github/workflows/synopsys.yaml b/.github/workflows/synopsys.yaml
index c56b47b..5a6f6f9 100644
--- a/.github/workflows/synopsys.yaml
+++ b/.github/workflows/synopsys.yaml
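Review bot: In synopsys-schedule.yaml the new "Black Duck Full Scan" step references `synopsys-sig/synopsys-action@v1.5.0` by tag while handing it `BLACKDUCK_API_TOKEN` and `GITHUB_TOKEN`; a tag can be moved after review, so whatever it points to at run time executes with both credentials. Pin the third-party action to the full commit SHA of the reviewed release and keep the version as a trailing comment, e.g. `uses: synopsys-sig/synopsys-action@<full-commit-sha-of-v1.5.0>  # v1.5.0`. The same tag reference appears in the two steps added to synopsys.yaml in the following hunk. The removed `detect-version: 8.10.0` pin has no replacement here, so the scanner version is presumably now chosen by the action itself; worth confirming that is intended. The job's `permissions:` block, if any, is outside the hunk.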
@@ -27,3 +27,27 @@ jobs:
 detect-version: 8.10.0
 blackduck-url: ${{ secrets.BLACKDUCK_URL }}
 blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+
+ - name: Black Duck Full Scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.5.0
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: true
+ blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+ - name: Black Duck PR Scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.5.0
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+ blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ blackduck_scan_full: false
+ blackduck_automation_prcomment: true
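Review bot: The old detect-action step, whose `with:` block ends in the three context lines at the top of this hunk, is left in place in synopsys.yaml although synopsys-schedule.yaml has it replaced, so each run now hands `BLACKDUCK_API_TOKEN` to two different third-party actions and scans twice; if that is not intended, remove the old step here as well. The "Black Duck PR Scan" step sets `blackduck_automation_prcomment: true`, which needs a `GITHUB_TOKEN` that can write to pull requests; the workflow's `permissions:` block is outside the hunk, so confirm it grants only what is needed (for example `contents: read` and `pull-requests: write`) rather than relying on the repository default. On pull requests from forks the secrets are not populated and the token is read-only, so this step will likely fail unless guarded, e.g. `if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository }}`.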