Re-enable Polaris Scans

Author: indrora

.github/workflows/kf-polaris-scan.yml

@@ -3,43 +3,32 @@
 name: CI Polaris Scanning 
 on:
   workflow_call:
-    secrets:
-      token:
-        description: 'Secret token from caller workflow to access private packages'
-        required: true
     inputs:
       scan_branch:
         description: Incoming branch to release or main
         required: true
         type: string
-      
-  
-  
-  
+permissions:
+  contents: write               # Required to push changes or create fix branches
+  pull-requests: write          # Required to add comments or create fix pull requests
 jobs:
-  build:
+  polaris_scan:
     runs-on: [ ubuntu-latest ]
     continue-on-error: true
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Polaris Scan
-        uses: keyfactor/synopsys-action@v1.10.0
+        uses: blackduck-inc/black-duck-security-scan@v2
         with:
           ### SCANNING: Required fields
-          polaris_server_url: 'https://polaris.synopsys.com'
-          polaris_access_token: ${{ secrets.token }}
+          polaris_server_url: 'https://polaris.blackduck.com'
+          polaris_access_token: ${{ secrets.POLARIS_TOKEN }}
           polaris_assessment_types: "SCA,SAST"
-          polaris_application_id: 'Integrations'
-          polaris_project_id: ${{ github.event.repository.name }}
-          polaris_branch_id: ${{ inputs.scan_branch }}
 
-          ## SCANNING: Optional fields
-          polaris_application_name: 'Integrations'
+          polaris_application_name: "Integrations"
           polaris_project_name: ${{ github.event.repository.name }}
-          polaris_assessment_mode: "SOURCE_UPLOAD"
-          polaris_branch_name: ${{ github.scan_branch }}
-          
-          # ## PULL REQUEST COMMENTS: Uncomment below to enable
-          # polaris_prComment_enabled: false
-          # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          polaris_prComment_enabled: true
+          polaris_reports_sarif_create: true # Create SARIF report and upload it as artifact
+

.github/workflows/starter.yml

@@ -148,14 +148,12 @@ jobs:
     secrets:
       token: ${{ secrets.token }}
 
-#  call-polaris-scan-workflow:
-#    if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
-#    uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v5
-#    with:
-#      scan_branch: ${{ github.event.pull_request.head.ref }}
-#    secrets:
-#      token: ${{ secrets.scan_token }}
-
+  call-polaris-scan-workflow:
+    if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
+    uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v4
+    with:
+      scan_branch: ${{ github.event.pull_request.head.ref }}
+    
   call-post-release-workflow:
     needs: [ call-assign-from-json-workflow, call-create-github-release-workflow ]
     if: needs.call-create-github-release-workflow.outputs.IS_FULL_RELEASE == 'True'