Add project and branch name variables to security scan #1075
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Black Duck Security Scan - Polaris | |
| on: | |
| push: | |
| branches: [main, master, develop, stage, release] | |
| pull_request: | |
| branches: [main, master, develop, stage, release] | |
| workflow_dispatch: | |
| #on: | |
| # schedule: | |
| # # Runs every day at 09:00 UTC | |
| # - cron: '*/10 * * * *' | |
| jobs: | |
| build: | |
| runs-on: [ubuntu-latest] | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Polaris Scan | |
| id: polaris-scan | |
| uses: blackduck-inc/black-duck-security-scan@v2 | |
| with: | |
| ### SCANNING: Required fields | |
| polaris_server_url: ${{ vars.POLARIS_SERVER_URL }} | |
| polaris_access_token: ${{ secrets.POLARISPOC_ACCESS_TOKEN }} | |
| polaris_assessment_types: "SCA,SAST" | |
| #detect_args: "--detect.accuracy.required=NONE" | |
| #coverity_build_command: "./mvnw install -DskipTests" | |
| #coverity_clean_command: "./mvnw clean" | |
| ### SCANNING: Optional fields | |
| polaris_application_name: 'susantoblackduck-CICD' | |
| polaris_project_name: 'InsecureBank-GitHubActions-CICD' | |
| ### PULL REQUEST COMMENTS: Uncomment below to enable | |
| polaris_prComment_enabled: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled | |
| polaris_branch_parent_name: 'master' | |
| ### SARIF report parameters | |
| #polaris_reports_sarif_create: true | |
| #polaris_upload_sarif_report: true | |
| ### Signature scan | |
| #polaris_test_sca_type: "SCA-SIGNATURE,SCA-PACKAGE" | |
| polaris_test_sca_type: "SCA-PACKAGE" | |
| ### Mark build status if policy violating issues are found | |
| # mark_build_status: 'success' | |
| ### Uncomment below configuration to add custom logic based on return status | |
| # - name: cmdLine | |
| # id: cmdLine | |
| # run: | | |
| # EXIT_CODE=${{ steps.polaris-scan.outputs.status }} | |
| # echo "Polaris Scan exit status - $EXIT_CODE" |