diff --git a/.github/workflows/blackduck.yaml b/.github/workflows/blackduck.yaml new file mode 100644 index 0000000..8288a60 --- /dev/null +++ b/.github/workflows/blackduck.yaml @@ -0,0 +1,42 @@ +name: CI-BlackDuck-SCA-Basic +on: + push: + branches: + - blackduck # main + # pull_request: + # workflow_dispatch: + +jobs: + build: + runs-on: + - ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@v3 + - name: Black Duck SCA Scan + uses: blackduck-inc/black-duck-security-scan@v2.0.0 + + ### Configure DETECT environment variables + env: + DETECT_PROJECT_NAME: ${{ github.event.repository.name }} + + with: + ### SCANNING: Required fields + blackducksca_url: https://apus-blackduck.volvocars.biz + blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }} + + ### SCANNING: Optional fields + # blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL' + + ### FIX PULL REQUEST CREATION: Uncomment below to enable + # blackducksca_fixpr_enabled: true + # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when Fix PRs is enabled + + ### PULL REQUEST COMMENTS: Uncomment below to enable + # blackducksca_prcomment_enabled: true + # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled + + ### SARIF report generation and upload to GitHub Adavanced Security: Uncomment below to enable + # blackducksca_reports_sarif_create: true # Create Black Duck SCA SARIF report and upload it as artifact + # blackducksca_upload_sarif_report: true # Upload Black Duck SCA SARIF report in GitHub Advanced Security tab + # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when blackducksca_upload_sarif_report is set as true \ No newline at end of file