Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
9b49869
Pull Test for simple workflow
May 24, 2023
c6c745c
Change pipeline to run on self-hosted runner.
May 24, 2023
63c4ae5
New Action based Scan workflow
May 24, 2023
81e0f22
Restructured action script
May 24, 2023
ba2927f
Adding in coverity.conf
May 24, 2023
5aebd71
Streamlined action file
May 25, 2023
62c9486
Exluded .vscode dir from version control
May 25, 2023
2fc9e54
Merge branch 'hdiv:master' into master
mathkraemer Oct 6, 2025
a301fd6
Update to latest Blackduck Coverity Scan Action
mathkraemer Oct 6, 2025
5362cbd
Updating Security Scan Plugin
mathkraemer Oct 6, 2025
22515d5
Added predefined Coverity install dir.
mathkraemer Oct 6, 2025
0d42de1
Added Coverity project name
mathkraemer Oct 6, 2025
c210232
Fixed typo in project_name property.
mathkraemer Oct 6, 2025
625ee3c
Adding coverity.yaml with dummy build cmd.
mathkraemer Oct 6, 2025
7323bca
Chaning policy view string
mathkraemer Oct 6, 2025
1c9ec4f
Config only capture config
mathkraemer Oct 6, 2025
f8954d4
Include diagnostics
mathkraemer Oct 6, 2025
e010ef4
Renamed view
mathkraemer Oct 6, 2025
dcfc464
Removed diagnostics flag
mathkraemer Oct 6, 2025
a0188b4
Reactivated build capture
mathkraemer Oct 6, 2025
846ec71
Added Polaris scan script
mathkraemer Oct 6, 2025
0259fd8
Overwrite prComment impacts
mathkraemer Nov 3, 2025
fabb2d0
Updated Action version to 2.6
mathkraemer Nov 3, 2025
2dc3b7c
Updated to action 2.5.0
mathkraemer Nov 3, 2025
9dcdd66
Returning version to 2
mathkraemer Nov 3, 2025
d0f9e86
Added feature-2-report function
mathkraemer Nov 3, 2025
4240f29
Correted implementation
mathkraemer Nov 3, 2025
c21c57c
Fixed method name
mathkraemer Nov 3, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ on: [push, pull_request]
jobs:
run:
name: Java ${{ matrix.java }}
runs-on: ubuntu-latest
runs-on: self-hosted
strategy:
matrix:
java: [ 8 ]
Expand All @@ -18,3 +18,4 @@ jobs:
- name: Run tests
run: mvn -B package


61 changes: 61 additions & 0 deletions .github/workflows/coverity.sast.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: Synopsys Coverity SAST Scanning

on:
push:
branches: [ master, main ]

pull_request:
branches: [ master, main ]

env:
GITHUB_API_URL: https://api.github.com # explicit API Url for bridge

jobs:
build:
runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Coverity Scan
uses: blackduck-inc/black-duck-security-scan@v2
with:
### SCANNING: Required fields
coverity_url: ${{ vars.COVERITY_URL }}
coverity_user: ${{ secrets.COVERITY_USER }}
coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
coverity_project_name: ${{ vars.COVERITY_PROJECT }} # default overwrite

### Coverity Connect users - Uncomment below
coverity_install_directory: ${{ vars.COVERITY_INSTALLDIR }} # default overwrite
coverity_local: true

### POLICY ENFORCEMENT: Uncomment to break build on policy
coverity_policy_view: Policy - Java Security

### PULL REQUEST COMMENTS:
coverity_prComment_enabled: true
## Use the parameter below to add comments for issues filtered
## by impact. Default is High if unset
## NOTE: Issues matching coverity_policy_view are ignored if set
coverity_prComment_impacts: 'High,Medium,Low,Audit'
github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled

### Mark build status if policy violating issues are found
# mark_build_status: 'success'

#include_diagnostics: true

### Uncomment below configuration to add custom logic based on return status
- name: Postprocessing
id: cmdLine
run: |
EXIT_CODE=${{ steps.black-duck-security-scan.outputs.status }}
echo "Black Duck Security Scan exit status - $EXIT_CODE"

- name: Save Logs
if: always()
uses: actions/upload-artifact@v4
with:
name: bridge-logs
path: ${{ github.workspace }}/.bridge
include-hidden-files: true
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,9 @@ build.xml
/.apt_generated_tests/
agent.config
hdivAgentLog.hlg
.vscode/


# Coverity
.codesight
.bridge
20 changes: 20 additions & 0 deletions coverity.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"type": "Coverity configuration",
"format_version": 1,
"format_minor_version": 7,
"settings": {
"server": {
"url": "https://poc219.coverity.synopsys.com",
"ssl": true,
"on_new_cert": "trust"
},
"stream": "insecure-bank-synopsys-master",
"cov_run_desktop": {
"build_cmd": ["mvn", "package"],
"clean_cmd": ["mvn", "clean"]
},
"ide": {
"build_strategy": "CUSTOM"
}
}
}
10 changes: 10 additions & 0 deletions coverity.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
capture:
build:
clean-command: mvn clean
build-command: mvn -B -DskipTests package
#build-commnad: mvn -B -DskipTests -DskipITs clean install # default build-command-inference command for Maven projects
# languages:
# include:
# - java
# - javascript
# - configuration
18 changes: 18 additions & 0 deletions scan-polaris.cmd
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
@echo off
set BRIDGE_INSTALL_DIR=C:\Products\br\tc
set BRIDGE_CLI=%BRIDGE_INSTALL_DIR%\bridge-cli.exe

::set BRIDGE_UPDATE=--update
set BRIDGE_UPDATE=

%BRIDGE_CLI% --stage polaris %BRIDGE_UPDATE% ^
polaris.serverurl=https://poc.polaris.blackduck.com ^
polaris.application.name=MKM-Demo-Organization ^
polaris.project.name=MKM-InsecureBank ^
polaris.branch.name=master-cli ^
polaris.assessment.types=SCA,SAST ^
polaris.test.sca.type=SCA-SIGNATURE ^
detect.search.depth=10 ^
polaris.reports.sarif.create=false ^
polaris.reports.sarif.file.path=results.sarif.json

Original file line number Diff line number Diff line change
Expand Up @@ -117,4 +117,10 @@ public String changeAccount(@Valid @ModelAttribute final CashAccount cashAccount
return "accountActivity";
}

public void feature_2_report(Object activity){
if (activity == null){
System.out.println(activity.toString());
}
}

}