fix blackduck scan (#387)

tuxtof · web-flow · commit 8735e579da98 · 2025-01-15T10:44:31.000+01:00
* fix blackduck scan

* update to 1.13.1
diff --git a/.github/workflows/synopsys-schedule.yaml b/.github/workflows/synopsys-schedule.yaml
@@ -19,11 +19,11 @@ jobs:
       - name: Build Project
         run: make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/detect-action@v0.3.4
+      - name: Black Duck Full Scan
+        uses: synopsys-sig/synopsys-action@v1.13.1
         with:
-          scan-mode: INTELLIGENT
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL
diff --git a/.github/workflows/synopsys.yaml b/.github/workflows/synopsys.yaml
@@ -21,10 +21,24 @@ jobs:
       - name: Build Project
         run: make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/detect-action@v0.3.4
+      - name: Black Duck Full Scan
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: synopsys-sig/synopsys-action@v1.13.1
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+      - name: Black Duck PR Scan
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: synopsys-sig/synopsys-action@v1.13.1
+        env:
+          DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
+        with:
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: false
+          blackduck_prComment_enabled: true
