33name : CI Polaris Scanning
44on :
55 workflow_call :
6- secrets :
7- token :
8- description : ' Secret token from caller workflow to access private packages'
9- required : true
106 inputs :
117 scan_branch :
128 description : Incoming branch to release or main
139 required : true
1410 type : string
1511
16-
17-
18-
12+ permissions :
13+ contents : write # Required to push changes or create fix branches
14+ pull-requests : write # Required to add comments or create fix pull requests
1915jobs :
20- build :
16+ polaris_scan :
2117 runs-on : [ ubuntu-latest ]
2218 continue-on-error : true
2319 steps :
2420 - name : Checkout Source
25- uses : actions/checkout@v4
21+ uses : actions/checkout@v6
2622 - name : Polaris Scan
27- uses : synopsys-sig/synopsys-action@v1
23+ uses : blackduck-inc/black-duck-security-scan@v2
2824 with :
2925 # ## SCANNING: Required fields
30- polaris_server_url : ' https://polaris.synopsys .com'
31- polaris_access_token : ${{ secrets.token }}
26+ polaris_server_url : ' https://polaris.blackduck .com'
27+ polaris_access_token : ${{ secrets.POLARIS_TOKEN }}
3228 polaris_assessment_types : " SCA,SAST"
33- polaris_application_id : ' Integrations'
34- polaris_project_id : ${{ github.event.repository.name }}
35- polaris_branch_id : ${{ inputs.scan_branch }}
3629
37- # # SCANNING: Optional fields
38- polaris_application_name : ' Integrations'
30+ polaris_application_name : " Integrations"
3931 polaris_project_name : ${{ github.event.repository.name }}
40- polaris_assessment_mode : " SOURCE_UPLOAD"
41- polaris_branch_name : ${{ github.scan_branch }}
42-
43- # ## PULL REQUEST COMMENTS: Uncomment below to enable
44- # polaris_prComment_enabled: false
45- # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
32+ github_token : ${{ secrets.GITHUB_TOKEN }}
33+ polaris_prComment_enabled : true
34+ polaris_reports_sarif_create : true # Create SARIF report and upload it as artifact
35+
0 commit comments