From 6f7590d002f379f914194588b284ad78ad54b6a9 Mon Sep 17 00:00:00 2001
From: repl-neha-belwal <91696048+repl-neha-belwal@users.noreply.github.com>
Date: Wed, 2 Jul 2025 13:06:08 +0530
Subject: [PATCH] add blackduck
---
.github/workflows/blackduck.yml | 58 +++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 .github/workflows/blackduck.yml
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
new file mode 100644
index 000000000..08c8d2af1
--- /dev/null
+++ b/.github/workflows/blackduck.yml
@@ -0,0 +1,58 @@
+name: Black Duck Security Scan
+
+on:
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+ schedule:
+ # Run weekly on Sundays at 2 AM UTC
+ - cron: '0 2 * * 0'
+
+permissions:
+ contents: read
+ packages: read
+
+jobs:
+ blackduck-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Test Black Duck Connection
+ run: |
+ echo "Testing connection to Black Duck server..."
+ curl -I "${{ secrets.BLACKDUCK_URL }}" || echo "Connection test failed"
+
+ - name: Run Black Duck Detect
+ run: |
+ # Download and run Black Duck Detect
+ curl -O https://detect.blackduck.com/detect9.sh
+ chmod +x detect9.sh
+
+ # Add debug logging
+ ./detect9.sh \
+ --blackduck.url=${{ secrets.BLACKDUCK_URL }} \
+ --blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }} \
+ --detect.project.name=${{ github.repository }} \
+ --detect.project.version.name=${{ github.ref_name }} \
+ --detect.source.path=.\
+ --detect.code.location.name="${{ github.repository }}-${{ github.ref_name }}" \
+ --detect.policy.check.fail.on.severities=BLOCKER,CRITICAL \
+ --detect.cleanup=false \
+ --logging.level.detect=DEBUG \
+ --blackduck.trust.cert=true \
+ --detect.excluded.directories=node_modules,target,build,dist,.git \
+ --detect.detector.search.depth=99
+
+ - name: Upload Black Duck results
+ uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ name: blackduck-results
+ path: |
+ .synopsys/
+ blackduck-output/
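Review bot: The `Run Black Duck Detect` step runs `detect9.sh` straight after `curl -O` with no checksum and no `-f`, so whatever the download returns is executed with the API token in its arguments, and `--blackduck.trust.cert=true` then trusts whatever certificate the server presents on the connection that carries that token. Passing the token as `--blackduck.api.token=${{ secrets.BLACKDUCK_TOKEN }}` also places it on the command line while `--logging.level.detect=DEBUG` and `--detect.cleanup=false` are on and an artifact is uploaded with `if: always()`; Detect reads the same properties from the environment (`BLACKDUCK_URL`, `BLACKDUCK_API_TOKEN`), which keeps them out of the process arguments and out of inline `${{ }}` expansion in the script. I would pin the script to a reviewed SHA-256, drop the trust-cert flag (importing the server's CA instead if it is private), and turn DEBUG off once the job is working. The `pull_request` trigger also receives no secrets on pull requests from forks, so both steps would run there with an empty URL and token.

```yaml
      - name: Run Black Duck Detect
        env:
          # Detect picks these properties up from the environment
          BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
          # placeholder: SHA-256 of the detect9.sh revision that was reviewed
          DETECT_SHA256: '<expected-sha256-of-detect9.sh>'
        run: |
          curl -fsSLO https://detect.blackduck.com/detect9.sh
          echo "${DETECT_SHA256}  detect9.sh" | sha256sum --check -
          chmod +x detect9.sh

          ./detect9.sh \
            --detect.project.name="${GITHUB_REPOSITORY}" \
            --detect.project.version.name="${GITHUB_REF_NAME}" \
            --detect.code.location.name="${GITHUB_REPOSITORY}-${GITHUB_REF_NAME}" \
            # … unchanged: source path, policy severities, excluded directories, search depth …
            # … removed: --blackduck.url, --blackduck.api.token, --blackduck.trust.cert=true …
```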