Black Duck Security: Committed new-polaris-workflow.yml

Black Duck · Black Duck · commit 5049a46356e5 · 2026-04-07T23:49:51.000Z
diff --git a/.github/workflows/new-polaris-workflow.yml b/.github/workflows/new-polaris-workflow.yml
@@ -0,0 +1,47 @@
+# Quickstart: Black Duck Security Scan Action with polaris:
+#     https://documentation.blackduck.com/bundle/bridge/page/documentation/t_github-polaris-quickstart.html
+name: Polaris Security Scan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - release-*.*
+  workflow_dispatch: {}
+# GitHub token permissions for post-scan actions. Required for built-in GITHUB_TOKEN; if using a PAT with equivalent scopes, permissions block can be commented out.
+permissions:
+  contents: write               # Required to push changes or create fix branches
+  pull-requests: write          # Required to add comments or create fix pull requests
+jobs:
+  polaris:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+
+      - name: Polaris Security Scan
+        id: polaris-scan
+        uses: blackduck-inc/black-duck-security-scan@v2
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ vars.POLARIS_URL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          ### ASSESSMENT TYPES
+          polaris_assessment_types: SAST,SCA  # Comma-separated list: SAST,SCA,DAST
+          ### Mark build status if policy violating issues are found
+          mark_build_status: success  # Set to success, failure, or skip
+          ### GITHUB TOKEN
+          github_token: ${{ secrets.GITHUB_TOKEN }}  # Required when PR comments or sarif reports enabled
+          polaris_prComment_enabled: true
+
+
+          ### SCAN CONFIGURATION: Uncomment below to enable
+          # polaris_waitForScan: true # Wait for scan completion before proceeding
+
+          ### Uncomment below configuration if Bridge diagnostic files needs to be uploaded
+          # include_diagnostics: false
+
+          ### SARIF report parameters
+          polaris_reports_sarif_create: true # Create SARIF report and upload it as artifact
+          # polaris_upload_sarif_report: false # Upload SARIF report in GitHub Advanced Security tab
