Skip to content

Add project and branch name variables to security scan #1075

Add project and branch name variables to security scan

Add project and branch name variables to security scan #1075

Workflow file for this run

name: Black Duck Security Scan - Polaris
on:
push:
branches: [main, master, develop, stage, release]
pull_request:
branches: [main, master, develop, stage, release]
workflow_dispatch:
#on:
# schedule:
# # Runs every day at 09:00 UTC
# - cron: '*/10 * * * *'
jobs:
build:
runs-on: [ubuntu-latest]
steps:
- name: Checkout Source
uses: actions/checkout@v4
- name: Polaris Scan
id: polaris-scan
uses: blackduck-inc/black-duck-security-scan@v2
with:
### SCANNING: Required fields
polaris_server_url: ${{ vars.POLARIS_SERVER_URL }}
polaris_access_token: ${{ secrets.POLARISPOC_ACCESS_TOKEN }}
polaris_assessment_types: "SCA,SAST"
#detect_args: "--detect.accuracy.required=NONE"
#coverity_build_command: "./mvnw install -DskipTests"
#coverity_clean_command: "./mvnw clean"
### SCANNING: Optional fields
polaris_application_name: 'susantoblackduck-CICD'
polaris_project_name: 'InsecureBank-GitHubActions-CICD'
### PULL REQUEST COMMENTS: Uncomment below to enable
polaris_prComment_enabled: true
github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
polaris_branch_parent_name: 'master'
### SARIF report parameters
#polaris_reports_sarif_create: true
#polaris_upload_sarif_report: true
### Signature scan
#polaris_test_sca_type: "SCA-SIGNATURE,SCA-PACKAGE"
polaris_test_sca_type: "SCA-PACKAGE"
### Mark build status if policy violating issues are found
# mark_build_status: 'success'
### Uncomment below configuration to add custom logic based on return status
# - name: cmdLine
# id: cmdLine
# run: |
# EXIT_CODE=${{ steps.polaris-scan.outputs.status }}
# echo "Polaris Scan exit status - $EXIT_CODE"