
Fix blackduck #841

Merged
Schmarvinius merged 5 commits into main from fix-blackduck on May 29, 2026

Conversation

lisajulia (Contributor) commented May 27, 2026

Fix BlackDuck CI Configuration and Dependency Updates

🔧 Chore: Cleaned up the BlackDuck scan action by removing unnecessary github_token input, and updated several dependency versions in the Maven build files.

Changes

  • .github/actions/scan-with-blackduck/action.yml: Removed the github_token input parameter and its usage in the BlackDuck Security Scan step. Also fixed indentation in the detect_args block.
  • .github/workflows/main.yml: Removed the github_token reference passed to the BlackDuck scan action.
  • pom.xml: Updated software.amazon.awssdk-s3-version from 2.42.33 to 2.44.11, bumped com.sap.cloud.sdk:sdk-bom from 5.27.0 to 5.30.0, and added io.netty:netty-bom version 4.2.14.Final to the dependency management section.
  • storage-targets/cds-feature-attachments-oss/pom.xml: Updated azure-storage-blob from 12.33.3 to 12.34.0 and google-cloud-storage from 2.66.0 to 2.68.0.
PR Bot Information

Version: 1.21.0

  • Summary Prompt: Default Prompt
  • Correlation ID: e5b1fa3d-8b5d-4d04-aa40-a7fd907e4a7d
  • Event Trigger: pull_request.edited
  • LLM: anthropic--claude-4.6-sonnet
  • Output Template: Default Template
  • File Content Strategy: Full file content

hyperspace-insights (Bot, Contributor) left a comment


The PR is a minimal and clean fix that removes the now-unused github_token input from the composite action and its callers, and adds a RAPID-mode BlackDuck scan job to the PR workflow. One issue was flagged: the pinned SHA for actions/checkout carries an incorrect # v6 version comment — it should be # v4.

PR Bot Information

Version: 1.21.0

  • LLM: anthropic--claude-4.6-sonnet
  • Event Trigger: pull_request.opened
  • Correlation ID: 9727e100-69ac-446f-85bd-c67c7a897046
  • File Content Strategy: Full file content
  • Agent Instructions:

Comment thread .github/workflows/pr.yml
lisajulia force-pushed the fix-blackduck branch 2 times, most recently from 27f1354 to f3865e2, May 27, 2026 15:42
lisajulia force-pushed the fix-blackduck branch 2 times, most recently from 13fecfd to de58097, May 27, 2026 15:48
lisajulia (Contributor, Author) commented May 27, 2026

@Schmarvinius: Can you have a look at this? Here, the blackduck scan passes: https://github.com/cap-java/cds-feature-attachments/actions/runs/26522023089/job/78115440499.
Also: We could run the blackduck scan in rapid mode on PRs, then that can be compared to the last run on main which was persisted. We can even tell Blackduck to compare against the last saved scan and check if new vulnerabilities were added: https://documentation.blackduck.com/bundle/detect/page/runningdetect/rapidscan.html#rapid-scan-compare-mode.
In any case, we still have to monitor the scans on main.

- Add blackduck job to pr.yml using RAPID scan mode so PRs get a fast
  policy gate without uploading results to the BlackDuck server
- Set rapid_compare_mode=BOM_COMPARE so only violations introduced by
  the PR are flagged, not pre-existing ones from the main branch scan
- Add rapid_compare_mode input to scan-with-blackduck action to support
  configurable compare mode for RAPID scans
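As an added illustration of what the commit message describes, not the PR's own files (their contents are not shown in this thread): a composite action that exposes a `rapid_compare_mode` input, and a `pr.yml` job that calls it in RAPID mode. The Black Duck Security Scan action's name, version and input names (`blackducksca_url`, `blackducksca_token`, `detect_args`) and the secret names are assumptions; `detect.blackduck.scan.mode` and `detect.blackduck.rapid.compare.mode` are the standard Detect properties the rapid-scan documentation linked above describes.

```yaml
# .github/actions/scan-with-blackduck/action.yml (illustrative)
name: scan-with-blackduck
description: Run Black Duck Detect; RAPID mode gates policy without persisting results
inputs:
  blackduck_url:
    required: true
  blackduck_token:
    required: true
  scan_mode:
    description: INTELLIGENT (persisted, used on main) or RAPID (policy check only)
    default: INTELLIGENT
  rapid_compare_mode:
    description: ALL, BOM_COMPARE or BOM_COMPARE_STRICT; only applies when scan_mode is RAPID
    default: ALL
runs:
  using: composite
  steps:
    - name: BlackDuck Security Scan
      uses: blackduck-inc/black-duck-security-scan@v2   # assumed action name and version
      with:
        blackducksca_url: ${{ inputs.blackduck_url }}
        blackducksca_token: ${{ inputs.blackduck_token }}
        # BOM_COMPARE reports only violations not present in the last persisted
        # (INTELLIGENT) scan of main, so the PR gate is not failed by pre-existing findings
        detect_args: >-
          --detect.blackduck.scan.mode=${{ inputs.scan_mode }}
          --detect.blackduck.rapid.compare.mode=${{ inputs.rapid_compare_mode }}
---
# .github/workflows/pr.yml (illustrative)
name: PR checks
on:
  pull_request:
jobs:
  blackduck-rapid:
    runs-on: ubuntu-latest
    steps:
      # Pin to a full commit SHA in practice, and keep the trailing version comment
      # in sync with the pinned release (the mismatch the bot review flagged above)
      - uses: actions/checkout@v4
      - uses: ./.github/actions/scan-with-blackduck
        with:
          blackduck_url: ${{ secrets.BLACKDUCK_URL }}      # assumed secret name
          blackduck_token: ${{ secrets.BLACKDUCK_TOKEN }}  # assumed secret name
          scan_mode: RAPID
          rapid_compare_mode: BOM_COMPARE
```

BOM_COMPARE only has something to compare against once an INTELLIGENT scan of main has been persisted, which is why the scans on main still need to be monitored separately.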
lisajulia force-pushed the fix-blackduck branch 2 times, most recently from b3fc452 to 3c936a1, May 28, 2026 03:52
@Schmarvinius Schmarvinius merged commit 2149657 into main May 29, 2026
55 of 58 checks passed
@Schmarvinius Schmarvinius deleted the fix-blackduck branch May 29, 2026 07:46
