diff --git a/.github/workflows/BitBucket-Polaris.yml b/.github/workflows/BitBucket-Polaris.yml
new file mode 100644
index 00000000..e075dc8d
--- /dev/null
+++ b/.github/workflows/BitBucket-Polaris.yml
@@ -0,0 +1,42 @@
+name: CI-Polaris-
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: checkout-bitbucket
+ run: git clone https://waizguy@bitbucket.org/jwpolaris/hello-java.git
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 11
+ distribution: microsoft
+ cache: maven
+ - name: Polaris Scan
+ uses: synopsys-sig/synopsys-action@v1.11.0
+ env:
+ DETECT_DETECTOR_SEARCH_DEPTH: 10
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+
+
+ ### SCANNING: Optional fields
+ polaris_application_name: AJW-${{ github.event.repository.name }}
+ # polaris_project_name: ${{ github.event.repository.name }}
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ polaris_prComment_enabled: true
+ github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+
+ ### SARIF report parameters
+ polaris_reports_sarif_create: true
+ polaris_upload_sarif_report: true
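Review bot: The `checkout-bitbucket` step clones with an account name baked into the URL (`https://waizguy@bitbucket.org/...`) and no credential, so a private repository will fail non-interactively ("could not read Password") and a public one simply leaks the account name in a committed file for no benefit. If the Bitbucket mirror is really needed, pass a short-lived token from `secrets` (e.g. `git clone https://x-token-auth:${{ secrets.BITBUCKET_TOKEN }}@bitbucket.org/jwpolaris/hello-java.git`) or, since this repository is the one being scanned, use `actions/checkout@v4` like the sibling workflows. The job also enables PR comments and SARIF upload with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so add `permissions: { contents: read, pull-requests: write, security-events: write }` at job level rather than relying on the repository's default token scope.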
diff --git a/.github/workflows/Blackduck-Polaris.yml b/.github/workflows/Blackduck-Polaris.yml
new file mode 100644
index 00000000..d25c27bc
--- /dev/null
+++ b/.github/workflows/Blackduck-Polaris.yml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: NEW Polaris Scan 1
+ uses: blackduck-inc/black-duck-security-scan@v2.0.0
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+ polaris_application_name: "JWtest"
+ polaris_project_name: "hello-java"
+ polaris_branch_name: "main41"
+
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ # polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+ #polaris_prComment_enabled: true
+ #github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+ #- name: Save Logs
+ # if: always()
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: bridge-logs
+ #path: ${{ github.workspace }}/.bridge/**/*.json
+
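Review bot: `polaris_branch_name: "main41"` is a fixed literal while the workflow triggers on five branches plus pull requests, so every run files its findings under the same Polaris branch and a PR scan cannot be compared against its target. Use the runtime ref instead, e.g. `polaris_branch_name: ${{ github.head_ref || github.ref_name }}` and, for pull requests, `polaris_branch_parent_name: ${{ github.base_ref }}`. The job also has no `permissions:` block; since it only reads the checkout, `permissions: contents: read` is sufficient until PR comments are enabled, and `actions/upload-artifact@v3` in the commented block is a deprecated major if it is ever uncommented.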
diff --git a/.github/workflows/Class1.yml b/.github/workflows/Class1.yml
new file mode 100644
index 00000000..54c2f91c
--- /dev/null
+++ b/.github/workflows/Class1.yml
@@ -0,0 +1,98 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub what a pitty
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Java CI with Maven
+
+on:
+ push:
+ branches: [ "main", "jw*.*" ]
+ pull_request:
+ branches: [ "main", "jw*.*" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: maven
+ - name: Black Duck Security Scan
+ uses: blackduck-inc/black-duck-security-scan@v2.1.1
+ with:
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ # coverity_waitForScan: # optional
+ # Build command for Coverity
+ # coverity_build_command: # optional
+ # Clean command for Coverity
+ # coverity_clean_command: # optional
+ # Coverity config file path (.yaml/.yml/.json)
+ # If provided, Black Duck Security Action will download specific version of coverity thin client to use.
+ #bridge_coverity_version: # optional
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA"
+ polaris_application_name: "JoseWaizman2"
+ polaris_project_name: "hello-java"
+ polaris_branch_name: "jw-13"
+ # Flag to enable pull request comments based on Polaris scan result
+ polaris_prComment_enabled: "true"
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # List of severities for which the PR Comments should be created
+ polaris_prComment_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+ # Polaris parent branch name
+ polaris_branch_parent_name: main
+ # Polaris test type to trigger signature scan or package manager scan
+ polaris_test_sca_type: "SCA-SIGNATURE"
+ # Flag to enable/disable Polaris SARIF report generation
+ polaris_reports_sarif_create: yes
+ # File path including file name where Polaris SARIF report should be created
+ # polaris_reports_sarif_file_path: # optional
+ # Indicates what SAST/SCA issues severity categories to include in Polaris SARIF file report
+ polaris_reports_sarif_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+ # Flag to enable/disable Component-Version grouping for SCA Issues in Polaris SARIF report rules section
+ # polaris_reports_sarif_groupSCAIssues: # optional
+ # Enum to indicate which assessment issues type to include in Polaris SARIF file report
+ # polaris_reports_sarif_issue_types: "SAST,SCA"
+ # Flag to enable/disable uploading of Polaris SARIF report to GitHub Advanced Security
+ polaris_upload_sarif_report: yes
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ # polaris_waitForScan: # optional
+ # The test mode type of this scan
+ # polaris_assessment_mode: # optional
+ # The project source directory. Defaults to repository root directory. Set this to specify a custom folder that is other than repository root
+ # project_directory: # optional
+ # The zipped source file path. It overrides the project directory setting
+ # project_source_archive: # optional
+ # Flag indicating whether to preserve symlinks in the source zip
+ # project_source_preserveSymLinks: # optional
+ # A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
+ # project_source_excludes: # optional
+ # Bridge CLI Install Directory
+ # bridgecli_install_directory: # optional
+ # URL to download bridge from
+ # bridgecli_download_url: # optional
+ # Github token to be used for git related rest operation
+ # github_token: # optional
+ # To include diagnostics info and export as zip
+ include_diagnostics: no
+ # Number of days to keep the diagnostics files downloadable
+ #diagnostics_retention_days: # optional
+ # To enable creation of badges on the GitHub repository for polaris
+ polaris_policy_badges_create: yes
+ # To limit number of badges to be displayed on the GitHub repository for polaris
+ # polaris_policy_badges_maxCount: # optional
+ # Specify the build status if policy violating issues are found.
+ #mark_build_status: "success"
+
+
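Review bot: `polaris_reports_sarif_create: yes`, `polaris_upload_sarif_report: yes`, `polaris_policy_badges_create: yes` and `include_diagnostics: no` use YAML 1.1 truthy words; action inputs are delivered as strings, so the action receives the literal text "yes"/"no", and whether it treats "yes" as enabled depends on its own parsing — the other workflows in this change pass `true`/`false`, which is the form the action's comments document. Write `true`/`false` for all four flags. The job posts PR comments and uploads SARIF with `secrets.GITHUB_TOKEN` but has no `permissions:` block; add `permissions: { contents: read, pull-requests: write, security-events: write }` so the upload does not depend on the repository default. `polaris_branch_name: "jw-13"` is likewise a fixed literal while the trigger matches `main` and `jw*.*`, so results from different branches are merged under one name.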
diff --git a/.github/workflows/SynopsysDetect.yaml b/.github/workflows/SynopsysDetect.yaml
new file mode 100644
index 00000000..e8f14d2e
--- /dev/null
+++ b/.github/workflows/SynopsysDetect.yaml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: NEW Polaris Scan 1
+ uses: synopsys-sig/synopsys-action@v1.8.0
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+ polaris_application_name: "JWtest"
+ polaris_project_name: "HelloJava"
+
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ #polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+ github_token: ${{ secrets.GIT_PAT }} # Required when PR comments is enabled
+ #polaris_reports_sarif_create: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+ polaris_reports_sarif_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+ polaris_reports_sarif_groupSCAIssues: true
+ polaris_reports_sarif_create: true
+ polaris_upload_sarif_report: true
+ polaris_reports_sarif_issue_types: 'SCA, SAST'
+ # polaris_upload_sarif_report: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+
+
+ #- name: Save Logs
+ # if: always()
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: bridge-logs
+ #path: ${{ github.workspace }}/.bridge/**/*.json
+
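Review bot: `github_token: ${{ secrets.GIT_PAT }}` hands a long-lived personal access token to a third-party action for what is only a SARIF upload, when the run-scoped `secrets.GITHUB_TOKEN` with `permissions: security-events: write` does the same job and is revoked when the run ends. A PAT is also withheld from pull requests opened from forks, so those runs fail at the upload step rather than degrade. Replace the line with `github_token: ${{ secrets.GITHUB_TOKEN }}` and add a job-level `permissions:` block with `contents: read` and `security-events: write`. `polaris_reports_sarif_issue_types: 'SCA, SAST'` carries a space after the comma, unlike the `"SCA,SAST"` form used for `polaris_assessment_types` on the same step; confirm the action trims it, and note the file is named `SynopsysDetect.yaml` although it runs a Polaris scan, not Detect.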
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
index 7a0453b2..31c8df32 100644
--- a/.github/workflows/blackduck.yml
+++ b/.github/workflows/blackduck.yml
@@ -21,7 +21,11 @@ jobs:
- uses: actions/setup-java@v1
with:
java-version: 11
+
- name: Black Duck Scan
uses: blackducksoftware/github-action@v2
with:
args: --detect.project.name=$PROJECT --detect.project.version.name=$BRANCH --detect.excluded.detector.types=GRADLE
+ - name: Upload to CoPilot
+ if: github.event_name == 'push' || github.event_name == 'pull_request'
+ run: bash <(curl -s https://copilot.blackducksoftware.com/ci/githubactions/scripts/upload)
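Review bot: The new `Upload to CoPilot` step executes a script fetched over the network with `bash <(curl -s …)`, with no version pin, checksum or signature, so whatever that URL serves at run time executes on the runner with the job's environment and the freshly checked-out PR content; `-s` without `-f` additionally means an HTTP error body would be fed to bash as a script. At minimum use `curl -fsSL` so a non-2xx response aborts, and preferably download to a file, verify a digest you record in the repository (`echo "<sha256>  upload.sh" | sha256sum -c`), and only then run it. The unchanged `actions/setup-java@v1` above it is a deprecated major and should move to `@v4` like the other workflows in this change.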
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
new file mode 100644
index 00000000..407b2bb4
--- /dev/null
+++ b/.github/workflows/demo.yml
@@ -0,0 +1,39 @@
+name: CI-Polaris-1
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 11
+ distribution: microsoft
+ cache: maven
+ - name: Polaris Scan
+ uses: synopsys-sig/synopsys-action@v1.11.0
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+
+ ### SCANNING: Optional fields
+ polaris_application_name: AJW-${{ github.event.repository.name }}
+ # polaris_project_name: ${{ github.event.repository.name }}
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ polaris_prComment_enabled: true
+ github_token: ${{ secrets.GIT_PAT }} # Required when PR comments is enabled
+
+ ### SARIF report parameters
+ polaris_reports_sarif_create: true
+ polaris_upload_sarif_report: true
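Review bot: `github_token: ${{ secrets.GIT_PAT }}` uses a long-lived personal access token for PR comments and SARIF upload, where the run-scoped `secrets.GITHUB_TOKEN` with explicit permissions does the same work and is revoked when the run ends; the PAT is also withheld from fork pull requests, so those runs fail on the comment step. Replace it with `github_token: ${{ secrets.GITHUB_TOKEN }}` and add `permissions: { contents: read, pull-requests: write, security-events: write }` at job level. `synopsys-action@v1.11.0` and the `actions/*` steps are tag-pinned; pinning to a commit SHA with the tag in a trailing comment protects against a moved tag.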
diff --git a/.github/workflows/demoyml b/.github/workflows/demoyml
new file mode 100644
index 00000000..10c195fb
--- /dev/null
+++ b/.github/workflows/demoyml
@@ -0,0 +1,37 @@
+name: CI-Polaris-Jose
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Polaris Scan
+ uses: synopsys-sig/synopsys-action@v1.8.0
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+
+ ### SCANNING: Optional fields
+ # polaris_application_name: ${{ github.event.repository.name }}
+ # polaris_project_name: ${{ github.event.repository.name }}
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ # polaris_prComment_enabled: true
+ # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+
+ polaris_reports_sarif_create: true
+ # polaris_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path (including file name) where SARIF report is created.
+ polaris_reports_sarif_severities: "CRITICAL,HIGH"
+ polaris_reports_sarif_groupSCAIssues: true
+ polaris_reports_sarif_issue_types: 'SCA, SAST'
+ polaris_upload_sarif_report: true
+ github_token: ${{ secrets.GITHUB_TOKEN }} # Required when polaris_upload_sarif_report is set as true
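Review bot: The file is named `demoyml` with no `.yml`/`.yaml` extension, and GitHub Actions only loads workflow files with those extensions from `.github/workflows`, so this workflow will never run; it is either dead configuration or a typo for `demo.yml`, which this same change adds with near-identical content. Rename or delete it rather than keeping a second copy that will drift. If it is kept, the SARIF upload with `secrets.GITHUB_TOKEN` needs a job-level `permissions:` block with `contents: read` and `security-events: write`.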
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..56b42aa3
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: NEW Polaris Scan 1
+ uses: synopsys-sig/synopsys-action@v1.8.0
+ with:
+ ### SCANNING: Required fields
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+ polaris_application_name: "JWtest"
+ polaris_project_name: "HelloJava"
+ polaris_branch_name: "main"
+
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+ polaris_prComment_enabled: true
+ github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+ #- name: Save Logs
+ # if: always()
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: bridge-logs
+ #path: ${{ github.workspace }}/.bridge/**/*.json
+
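Review bot: `polaris_prComment_enabled` is set twice under `with:` (the expression on one line, `true` on the next); duplicate mapping keys are invalid YAML and GitHub rejects the workflow at parse time, so nothing in this file will run. Keep one, e.g. `polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}`. `github_token: ${{ secrets.git_pat }}` is again a long-lived PAT where `secrets.GITHUB_TOKEN` with `permissions: pull-requests: write` would suffice and would expire with the run.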
diff --git a/.github/workflows/synopsys-action.yml b/.github/workflows/synopsys-action.yml
new file mode 100644
index 00000000..2437ec46
--- /dev/null
+++ b/.github/workflows/synopsys-action.yml
@@ -0,0 +1,195 @@
+name: CI-Polaris-Basic
+on:
+ push:
+ branches: [ main, master, develop, release,jw*.* ]
+ pull_request:
+ branches: [ main, master, develop, release, jw*.* ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: Black Duck Security Scan
+ uses: blackduck-inc/black-duck-security-scan@v2.1.1
+ with:
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+ polaris_application_name: "JWtest"
+ polaris_project_name: "hello-java"
+ polaris_branch_name: "main4"
+ # You may pin to the exact commit or the version.
+ # uses: blackduck-inc/black-duck-security-scan@6ee400ee2502a366bdff13cddae76bbde804fd20
+
+
+ coverity_local: # optional
+ # If provided, Black Duck Security Action will download specific version of coverity thin client to use.
+ coverity_version: # optional
+ # Flag to enable pull request comments for new issues found in the Coverity scan
+ coverity_prComment_enabled: # optional
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ coverity_waitForScan: # optional
+ # Build command for Coverity
+ coverity_build_command: # optional
+ # Clean command for Coverity
+ coverity_clean_command: # optional
+ # Coverity config file path (.yaml/.yml/.json)
+ coverity_config_path: # optional
+ # Additional Coverity Arguments separated by space
+ coverity_args: # optional
+ # If provided, Black Duck Security Action will download specific version of coverity thin client to use.
+ bridge_coverity_version: # optional
+ # Polaris Access Token
+ polaris_access_token: # optional
+ # Polaris Application Name
+ polaris_application_name: # optional
+ # Polaris Project Name
+ polaris_project_name: # optional
+ # Polaris Assess Types SAST/SCA
+ polaris_assessment_types: # optional
+ # Polaris Server URL
+ polaris_server_url: # optional
+ # Flag to enable pull request comments based on Polaris scan result
+ polaris_prComment_enabled: # optional
+ # List of severities for which the PR Comments should be created
+ polaris_prComment_severities: # optional
+ # Polaris Triage
+ polaris_triage: # optional
+ # Polaris branch name
+ polaris_branch_name: # optional
+ # Polaris parent branch name
+ polaris_branch_parent_name: # optional
+ # Polaris test type to trigger signature scan or package manager scan
+ polaris_test_sca_type: # optional
+ # Flag to enable/disable Polaris SARIF report generation
+ polaris_reports_sarif_create: Yes
+ # File path including file name where Polaris SARIF report should be created
+ polaris_reports_sarif_file_path: # optional
+ # Indicates what SAST/SCA issues severity categories to include in Polaris SARIF file report
+ polaris_reports_sarif_severities: 'CRITICAL,HIGH,MEDIUM,LOW,INTENTIONAL'
+
+ # Flag to enable/disable Component-Version grouping for SCA Issues in Polaris SARIF report rules section
+ polaris_reports_sarif_groupSCAIssues: YES
+ # Enum to indicate which assessment issues type to include in Polaris SARIF file report
+ polaris_reports_sarif_issue_types: # optional
+ # Flag to enable/disable uploading of Polaris SARIF report to GitHub Advanced Security
+ polaris_upload_sarif_report: # optional
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ polaris_waitForScan: # optional
+ # The test mode type of this scan
+ polaris_assessment_mode: # optional
+ # The project source directory. Defaults to repository root directory. Set this to specify a custom folder that is other than repository root
+ project_directory: # optional
+ # The zipped source file path. It overrides the project directory setting
+ project_source_archive: # optional
+ # Flag indicating whether to preserve symlinks in the source zip
+ project_source_preserveSymLinks: # optional
+ # A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
+ project_source_excludes: # optional
+ # Bridge CLI Install Directory
+ bridgecli_install_directory: # optional
+ # URL to download bridge from
+ bridgecli_download_url: # optional
+ # URL for blackduck hub
+ blackducksca_url: # optional
+ # API token to access blackduck
+ blackducksca_token: # optional
+ # Directory to find or install detect
+ detect_install_directory: # optional
+ # Scan Mode. (true for intelligent scan & false for rapid scan)
+ blackducksca_scan_full: # optional
+ # If provided, Black Duck will break the build if any issues produced match one of the given severities
+ blackducksca_scan_failure_severities: # optional
+ # If set as true, separate Fix PRs will be created if vulnerability is found after scan
+ blackducksca_fixpr_enabled: # optional
+ # Maximum number of Pull Requests to be created that violate policies
+ blackducksca_fixpr_maxCount: # optional
+ # If provided, Fix PRs will be created only for given severities
+ blackducksca_fixpr_filter_severities: # optional
+ # Flag to enable long term upgrade guidance
+ blackducksca_fixpr_useUpgradeGuidance: # optional
+ # If provided, Black Duck Security Action will configure the version of Bridge
+ bridgecli_download_version: # optional
+ # Flag to enable pull request comments for new issues found in the Black Duck scan
+ blackducksca_prComment_enabled: # optional
+ # Flag to enable/disable Black Duck SARIF report generation
+ blackducksca_reports_sarif_create: # optional
+ # File path including file name where Black Duck SARIF report should be created
+ blackducksca_reports_sarif_file_path: # optional
+ # Indicates what SAST/SCA issues severity categories to include in Black Duck SARIF file report
+ blackducksca_reports_sarif_severities: # optional
+ # Flag to enable/disable Component-Version grouping for SCA Issues in Black Duck SARIF report rules section
+ blackducksca_reports_sarif_groupSCAIssues: # optional
+ # Flag to enable/disable uploading of Black Duck SARIF report to GitHub Advanced Security
+ blackducksca_upload_sarif_report: # optional
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ blackducksca_waitForScan: # optional
+ # Number indicating the search depth in the source directory
+ detect_search_depth: # optional
+ # Additional Black Duck Arguments separated by space
+ detect_args: # optional
+ # Black Duck config file path (.properties/.yml)
+ detect_config_path: # optional
+ # To enable creation of badges on the GitHub repository
+ blackducksca_policy_badges_create: # optional
+ # To limit number of badges to be displayed on the GitHub repository
+ blackducksca_policy_badges_maxCount: # optional
+ # SRM Url
+ srm_url: # optional
+ # SRM Api Key
+ srm_apikey: # optional
+ # SRM Assessment Types
+ srm_assessment_types: # optional
+ # SRM project name
+ srm_project_name: # optional
+ # SRM branch name
+ srm_branch_name: # optional
+ # SRM branch Id
+ srm_project_id: # optional
+ # SRM branch parent
+ srm_branch_parent: # optional
+ # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+ srm_waitForScan: # optional
+ # Coverity execution path
+ coverity_execution_path: # optional
+ # Black Duck execution path
+ detect_execution_path: # optional
+ # Github token to be used for git related rest operation
+ github_token: # optional
+ # To include diagnostics info and export as zip
+ include_diagnostics: # optional
+ # Number of days to keep the diagnostics files downloadable
+ diagnostics_retention_days: # optional
+ # If provided, Black Duck Security Action will be using local network to download and execute bridge .
+ bridge_network_airgap: # optional
+ # If provided, Black Duck Security Action will be using local network to download and execute bridge .
+ network_airgap: # optional
+ # To enable creation of badges on the GitHub repository for polaris
+ polaris_policy_badges_create: # optional
+ # To limit number of badges to be displayed on the GitHub repository for polaris
+ polaris_policy_badges_maxCount: # optional
+ # Specify the build status if policy violating issues are found.
+ mark_build_status: # optional, default is failure
+
+
+ ### PULL REQUEST COMMENTS: Uncomment below to enable
+ # polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+ #polaris_prComment_enabled: true
+ #github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+ #- name: Save Logs
+ # if: always()
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: bridge-logs
+ #path: ${{ github.workspace }}/.bridge/**/*.json
+
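Review bot: Every required Polaris input is given twice under `with:` — `polaris_server_url`, `polaris_access_token`, `polaris_assessment_types`, `polaris_application_name`, `polaris_project_name` and `polaris_branch_name` each appear with a real value near the top and again with an empty value in the pasted parameter list below. Duplicate keys are invalid YAML, GitHub rejects the workflow at parse time, and a lenient last-wins parser would keep the empty values and drop the credentials. Delete the empty duplicates and the other bare `key: # optional` placeholders (a bare value is `null`, not "unset"), and replace `polaris_reports_sarif_create: Yes` / `polaris_reports_sarif_groupSCAIssues: YES` with `true`. `polaris_reports_sarif_severities: 'CRITICAL,HIGH,MEDIUM,LOW,INTENTIONAL'` includes a value that the input's own comment does not describe as a severity; confirm it is accepted before relying on it.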
diff --git a/.github/workflows/synopsys-action2.yml b/.github/workflows/synopsys-action2.yml
new file mode 100644
index 00000000..c5473521
--- /dev/null
+++ b/.github/workflows/synopsys-action2.yml
@@ -0,0 +1,39 @@
+# example workflow for Polaris scans using the Synopsys Action
+# https://github.com/marketplace/actions/synopsys-action
+name: polaris
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+jobs:
+ polaris:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: Polaris Scan 2
+ uses: synopsys-sig/synopsys-action@v1.8.0
+ with:
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
+ polaris_assessment_types: 'SAST,SCA'
+ polaris_application_name: JWtest-${{ github.event.repository.name }}
+ polaris_project_name: ${{ github.event.repository.name }}
+ polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+ polaris_reports_sarif_create: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+ polaris_upload_sarif_report: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+# - name: Save Logs
+# if: always()
+# uses: actions/upload-artifact@v4
+# with:
+# name: bridge-logs
+# path: ${{ github.workspace }}/.bridge
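Review bot: The job enables PR comments and SARIF upload with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so whether the token can write to pull requests and code scanning depends on the repository's default token setting rather than on this file. Add at job level `permissions: { contents: read, pull-requests: write, security-events: write }` so the grant is explicit and minimal. Pin `synopsys-action@v1.8.0` and the `actions/*` steps to commit SHAs (tag in a trailing comment), since tags are mutable; this is otherwise the cleanest of the new workflows and the others should converge on it.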
diff --git a/.github/workflows/synopsys-action3.yml b/.github/workflows/synopsys-action3.yml
new file mode 100644
index 00000000..4458c6cf
--- /dev/null
+++ b/.github/workflows/synopsys-action3.yml
@@ -0,0 +1,41 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+name: Synopsys Security Testing
+
+on:
+ push:
+ # At this time, it is recommended to run Polaris only on pushes to main branches
+ # Pull request analysis will be supported by Polaris in the future
+ branches: [ "main" ]
+
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Synopsys Action
+ uses: synopsys-sig/synopsys-action@v1.6.0
+ with:
+ #------------------------------------------COVERITY-----------------------------------------
+ coverity_url: ${{ secrets.COVERITY_URL }}
+ coverity_user: ${{ secrets.COVERITY_USER }}
+ coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+
+ #------------------------------------------BLACKDUCK----------------------------------------
+ blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+ blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+
+ #------------------------------------------POLARIS------------------------------------------
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+
+
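Review bot: This job passes three separate product credentials — `COVERITY_USER`/`COVERITY_PASSPHRASE`, `BLACKDUCK_API_TOKEN` and `POLARIS_ACCESS_TOKEN` — into a single action invocation, although only Polaris inputs (`polaris_assessment_types`) are configured and every other workflow in this change runs Polaris alone; each secret exposed to a job widens what a compromised step or action could exfiltrate. Remove the Coverity and Black Duck inputs unless those scans are intended, and say which in a comment. `synopsys-action@v1.6.0` and `actions/checkout@v3` are also older than the versions used elsewhere in this change. The `permissions: contents: read` block is the right pattern and is what the sibling workflows are missing.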
diff --git a/.github/workflows/synopsys-sec.yml b/.github/workflows/synopsys-sec.yml
new file mode 100644
index 00000000..42747d6b
--- /dev/null
+++ b/.github/workflows/synopsys-sec.yml
@@ -0,0 +1,35 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+name: Synopsys-sec
+
+on:
+ push:
+ # At this time, it is recommended to run Polaris only on pushes to main branches
+ # Pull request analysis will be supported by Polaris in the future
+ branches: [ "main" ]
+
+ pull_request:
+ branches: [ "main" ]
+ types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Synopsys Action
+ uses: synopsys-sig/synopsys-action@v1.9.0
+ with:
+
+ #------------------------------------------POLARIS------------------------------------------
+ polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+ polaris_assessment_types: "SCA,SAST"
+ polaris_prComment_enabled: true
+ github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+
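Review bot: `permissions: contents: read` correctly restricts `GITHUB_TOKEN`, but the PR-comment feature is then fed `secrets.git_pat`, a long-lived personal token that bypasses that restriction instead of widening it deliberately. Replace it with `github_token: ${{ secrets.GITHUB_TOKEN }}` and add `pull-requests: write` to the `permissions:` block. The `types:` list also re-runs a full SCA+SAST scan on `assigned`, `labeled` and `edited`, events that change no code; the default `opened, synchronize, reopened` is enough.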
diff --git a/Jenkinsfile b/Jenkinsfile
index c0a662e5..2318fe7c 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,96 +1,66 @@
pipeline {
- agent { label 'linux64' }
-
- environment {
- CONNECT = 'https://coverity.chuckaude.com:8443'
- PROJECT = 'hello-java'
- BLDCMD = 'mvn -B package -DskipTests'
- CHECKERS = '--webapp-security --enable-callgraph-metrics'
- COVERITY_NO_LOG_ENVIRONMENT_VARIABLES = '1'
- }
-
+ agent any
tools {
- maven 'maven-3.8'
+ maven 'maven-3.9'
jdk 'openjdk-11'
}
-
+ environment {
+ REPO_NAME = "${env.GIT_URL.tokenize('/.')[-2]}"
+ BRIDGECLI_LINUX64 = 'https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-bridge/latest/synopsys-bridge-linux64.zip'
+ BRIDGE_POLARIS_SERVERURL = 'https://poc.polaris.synopsys.com'
+ BRIDGE_POLARIS_APPLICATION_NAME = "jwaizguy-${env.REPO_NAME}"
+ BRIDGE_POLARIS_PROJECT_NAME = "${env.REPO_NAME}"
+ BRIDGE_POLARIS_ASSESSMENT_TYPES = 'SAST,SCA'
+ }
stages {
- stage('Build') {
+ stage('Build2') {
steps {
- sh 'mvn -B compile'
+ sh 'mvn -B package'
}
}
- stage('Test') {
+ stage('Polaris Full Scan') {
+ when { not { changeRequest() } }
steps {
- sh 'mvn -B test'
- }
- }
- stage('Security Testing') {
- parallel {
- stage('Black Duck') {
- steps {
- synopsys_detect "--detect.project.name=$PROJECT --detect.project.version.name=$BRANCH_NAME"
- }
- }
- stage('Coverity Full Scan') {
- when {
- allOf {
- not { changeRequest() }
- expression { BRANCH_NAME ==~ /(main|stage|release)/ }
- }
- }
- steps {
- withCoverityEnvironment(coverityInstanceUrl: "$CONNECT", projectName: "$PROJECT", streamName: "$PROJECT-$BRANCH_NAME") {
- sh '''
- cov-build --dir idir --fs-capture-search $WORKSPACE $BLDCMD
- cov-analyze --dir idir --ticker-mode none --strip-path $WORKSPACE $CHECKERS
- cov-commit-defects --dir idir --ticker-mode none --url $COV_URL --stream $COV_STREAM \
- --description $BUILD_TAG --version $GIT_COMMIT
- '''
- script { // Coverity Quality Gate
- count = coverityIssueCheck(viewName: 'OWASP Web Top 10', returnIssueCount: true)
- if (count != 0) { unstable 'issues detected' }
- }
- }
- }
- }
- stage('Coverity Incremental Scan') {
- when {
- allOf {
- changeRequest()
- expression { CHANGE_TARGET ==~ /(main|stage|release)/ }
- }
- }
- steps {
- withCoverityEnvironment(coverityInstanceUrl: "$CONNECT", projectName: "$PROJECT", streamName: "$PROJECT-$CHANGE_TARGET") {
- sh '''
- export CHANGE_SET=$(git --no-pager diff origin/$CHANGE_TARGET --name-only)
- [ -z "$CHANGE_SET" ] && exit 0
- cov-run-desktop --dir idir --url $COV_URL --stream $COV_STREAM --build $BLDCMD
- cov-run-desktop --dir idir --url $COV_URL --stream $COV_STREAM --present-in-reference false \
- --ignore-uncapturable-inputs true --text-output issues.txt $CHANGE_SET
- if [ -s issues.txt ]; then cat issues.txt; touch issues_found; fi
- '''
- }
- script { // Coverity Quality Gate
- if (fileExists('issues_found')) { unstable 'issues detected' }
- }
+ withCredentials([string(credentialsId: 'poc.polaris.synopsys.com', variable: 'BRIDGE_POLARIS_ACCESSTOKEN')]) {
+ script {
+ status = sh returnStatus: true, script: '''
+ curl -fLsS -o bridge.zip $BRIDGECLI_LINUX64 && unzip -qo -d $WORKSPACE_TMP bridge.zip && rm -f bridge.zip
+ $WORKSPACE_TMP/synopsys-bridge --verbose --stage polaris \
+ polaris.branch.name=$BRANCH_NAME
+ '''
+ if (status == 8) { unstable 'policy violation' }
+ else if (status != 0) { error 'scan failure' }
}
}
}
}
- stage('Deploy') {
- when {
- expression { BRANCH_NAME ==~ /(main|stage|release)/ }
- }
- steps {
- sh 'mvn -B install'
+ stage('Polaris PR Scan') {
+ when { changeRequest() }
+ steps {
+ withCredentials([string(credentialsId: 'poc.polaris.synopsys.com', variable: 'BRIDGE_POLARIS_ACCESSTOKEN'), string(credentialsId: 'github-pat', variable: 'GITHUB_TOKEN')]) {
+ script {
+ status = sh returnStatus: true, script: '''
+ curl -fLsS -o bridge.zip $BRIDGECLI_LINUX64 && unzip -qo -d $WORKSPACE_TMP bridge.zip && rm -f bridge.zip
+ $WORKSPACE_TMP/synopsys-bridge --verbose --stage polaris \
+ polaris.prcomment.enabled=true \
+ polaris.branch.name=$BRANCH_NAME \
+ polaris.branch.parent.name=$CHANGE_TARGET \
+ github.repository.name=$REPO_NAME \
+ github.repository.branch.name=$BRANCH_NAME \
+ github.repository.owner.name=chuckaude-org \
+ github.repository.pull.number=$CHANGE_ID \
+ github.user.token=$GITHUB_TOKEN
+ '''
+ if (status == 8) { unstable 'policy violation' }
+ else if (status != 0) { error 'scan failure' }
+ }
+ }
}
}
}
post {
always {
- archiveArtifacts artifacts: 'idir/build-log.txt, idir/output/analysis-log.txt, idir/output/callgraph-metrics.csv'
+ //zip archive: true, dir: '.bridge', zipFile: 'bridge-logs.zip'
cleanWs()
}
}
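Review bot: Both scan stages download the bridge from a `.../synopsys-bridge/latest/...` URL on every build and execute it with no version pin, checksum or signature check, so the build trusts whatever that artifact resolves to at run time. Pin a specific version in `BRIDGECLI_LINUX64` and verify a recorded digest before `unzip`, e.g. `echo "<sha256>  bridge.zip" | sha256sum -c`. In the PR stage, `github.user.token=$GITHUB_TOKEN` is passed as a command-line argument under `--verbose`, and Jenkins `sh` steps run with `-x` by default, so the token relies on `withCredentials` masking to stay out of the console log and is visible in the process list; prefer an environment variable (presumably `BRIDGE_GITHUB_USER_TOKEN`, matching the `BRIDGE_POLARIS_*` variables already used — confirm the bridge reads it). `github.repository.owner.name=chuckaude-org` is hard-coded while `REPO_NAME` is derived from `GIT_URL`; derive the owner the same way so a fork or rename does not post comments to the wrong repository.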
diff --git a/MakeLZSA.exe b/MakeLZSA.exe
new file mode 100644
index 00000000..470f93e5
Binary files /dev/null and b/MakeLZSA.exe differ
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..034e8480
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/ant.jar b/ant.jar
new file mode 100644
index 00000000..b3a94dfa
Binary files /dev/null and b/ant.jar differ
diff --git a/azure-pipelines-1.yml b/azure-pipelines-1.yml
new file mode 100644
index 00000000..888626f3
--- /dev/null
+++ b/azure-pipelines-1.yml
@@ -0,0 +1,27 @@
+# Maven
+# Build your Java project and run tests with Apache Maven.
+# Add steps that analyze code, save build artifacts, deploy, and more:
+# https://docs.microsoft.com/azure/devops/pipelines/languages/java
+
+trigger:
+- main
+
+pool:
+ vmImage: ubuntu-latest
+
+steps:
+- task: Maven@3
+ inputs:
+ mavenPomFile: 'pom.xml'
+ mavenOptions: '-Xmx3072m'
+ javaHomeOption: 'JDKVersion'
+ jdkVersionOption: '1.8'
+ jdkArchitectureOption: 'x64'
+ publishJUnitResults: false
+ testResultsFiles: '**/surefire-reports/TEST2-*.xml'
+ goals: 'compile'
+
+
+- task: CmdLine@2
+ inputs:
+ script: 'bash <(curl -s -L https://detect.synopsys.com/detect8.sh) --blackduck.url=https://partner-demo.blackduck.synopsys.com --blackduck.api.token=OTc2NmM3M2EtY2U2NS00NWFhLTk1MzYtMjVhMTg0ODRjYzkxOjBlZTk0NzE3LWYzNWEtNDY1Ni1hNGEyLWY1MWI5NWU5NmIxYg== --detect.project.name=hello-java --detect.project.version.name=3 --detect.impact.analysis.enabled=true --detect.impact.analysis.output.path=./abc'
\ No newline at end of file
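Review bot: The `CmdLine@2` script on the last line passes a literal Black Duck API token via `--blackduck.api.token=`, so the credential is committed to the repository and will likely be echoed into the job log; the same pattern appears in azure-pipelines.yml, where `bridge_blackduck_token` is a literal task input. Store the token as a secret pipeline variable, map it into the step with `env:` / `  BLACKDUCK_API_TOKEN: $(BLACKDUCK_API_TOKEN)`, and reference it as `--blackduck.api.token=$BLACKDUCK_API_TOKEN`, which mirrors how azure-pipelines.yml already passes `BRIDGE_POLARIS_ACCESSTOKEN`. A token that has been committed should be treated as exposed and revoked on the Black Duck server regardless of this fix. Separately, `bash <(curl -s -L https://detect.synopsys.com/detect8.sh)` runs whatever that URL serves at execution time; pinning a specific Detect release, or vendoring the script, would make the step reproducible and reviewable.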
diff --git a/azure-pipelines-2.yml b/azure-pipelines-2.yml
new file mode 100644
index 00000000..7d6daadc
--- /dev/null
+++ b/azure-pipelines-2.yml
@@ -0,0 +1,27 @@
+# Starter pipeline
+
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- main
+
+pool:
+ vmImage: ubuntu-latest
+
+steps:
+- script: echo Hello, world!
+ displayName: 'Run a one-line script'
+- task: SynopsysSecurityScan@1
+ inputs:
+ scanType: 'polaris'
+ bridge_polaris_application_name: 'JWtest'
+ bridge_polaris_project_name: 'HelloJava'
+ bridge_polaris_assessment_types: 'sast,sca'
+ bridge_polaris_branch_name: 'main'
+
+- script: |
+ echo Add other tasks to build, test, and deploy your project.
+ echo See https://aka.ms/yaml
+ displayName: 'Run a multi-line script'
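Review bot: `bridge_polaris_branch_name: 'main'` is hard-coded in the SynopsysSecurityScan task, so every run is reported against the `main` branch even if the trigger is later widened or the pipeline is run manually from another branch; `bridge_polaris_branch_name: '$(Build.SourceBranchName)'` keeps the branch label in step with the commit actually scanned. The two `echo` steps read as leftovers from the starter template and could be dropped, or the file's `# Starter pipeline` comment updated to say what this pipeline is for.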
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..c10d0bbf
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,51 @@
+# example ADO pipeline for Polaris using the Bridge CLI good test
+trigger:
+- main
+
+pool:
+ vmImage: ubuntu-latest
+
+variables:
+- group: group
+- name: BRIDGE_POLARIS_APPLICATION_NAME
+ value: 'AJWhello-java' #change this name
+- name: BRIDGE_POLARIS_PROJECT_NAME
+ value: 'AJWHelloJ' # change this name
+steps:
+- task: JavaToolInstaller@0
+ displayName: 'Use Java 17'
+ inputs:
+ versionSpec: 17
+ jdkArchitectureOption: x64
+ jdkSourceOption: PreInstalled
+- task: SynopsysSecurityScan@1
+ inputs:
+ scanType: 'blackduck'
+ bridge_blackduck_url: 'https://poc304.blackduck.synopsys.com'
+ bridge_blackduck_token: 'xxxxxxxxxxxmFAKE_TOKENLWE1NzctNWMwNTYxMDMxN2ZkOjczMzkzZjQ5LWZkZWQtNGEzNC04ZjA3LTVmMzllNmI4MDg1Mw'
+ bridge_blackduck_scan_full: true
+- bash: |
+ curl -fLsS -o bridge.zip $BRIDGECLI_LINUX64 && unzip -qo -d $(Agent.TempDirectory) bridge.zip && rm -f bridge.zip
+ $(Agent.TempDirectory)/synopsys-bridge --stage polaris polaris.assessment.types=SAST
+ displayName: 'Polaris Scan'
+ env:
+ BRIDGE_POLARIS_ACCESSTOKEN: $(BRIDGE_POLARIS_ACCESSTOKEN)
+ BRIDGE_POLARIS_SERVERURL: $(BRIDGE_POLARIS_SERVERURL)
+
+
+- task: ArchiveFiles@2
+ displayName: 'Copy Log Files'
+ condition: succeededOrFailed()
+ enabled: true
+ inputs:
+ rootFolderOrFile: .bridge
+ includeRootFolder: false
+ archiveFile: '$(Build.ArtifactStagingDirectory)/bridge-logs.zip'
+
+- task: PublishBuildArtifacts@1
+ displayName: 'Publish Log Files'
+ condition: succeededOrFailed()
+ enabled: true
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: 'logs'
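Review bot: The `Polaris Scan` bash step downloads the Bridge CLI from `$BRIDGECLI_LINUX64` and executes it with no integrity check, and `BRIDGECLI_LINUX64` is not defined in this file (presumably it comes from the `group` variable group, which cannot be verified here). Because the step does not set `set -euo pipefail`, a failed download or unzip is not fatal on its own; the second line then fails only because the binary is missing, which makes the log harder to read than an explicit early exit. Adding `set -euo pipefail` as the first line of the script, and verifying the archive's checksum against a known-good value before unzipping, would close both gaps. Also, the inline comments at `value: 'AJWhello-java' #change this name` need two spaces before `#` and one after to match yamllint's comment rule.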
diff --git a/commons-lang-2.6.jar b/commons-lang-2.6.jar
new file mode 100644
index 00000000..98467d3a
Binary files /dev/null and b/commons-lang-2.6.jar differ
diff --git a/coverity.yml b/coverity.yml
new file mode 100644
index 00000000..607a89fc
--- /dev/null
+++ b/coverity.yml
@@ -0,0 +1,4 @@
+capture:
+ build:
+ clean-command: mvn -B clean
+ build-command: mvn -B -DskipTests package
diff --git a/efi.exe b/efi.exe
new file mode 100644
index 00000000..820de05e
Binary files /dev/null and b/efi.exe differ
diff --git a/lzma.exe b/lzma.exe
new file mode 100644
index 00000000..a1e8fa7a
Binary files /dev/null and b/lzma.exe differ
diff --git a/pom.xml b/pom.xml
index 07786e47..f79f837f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,11 +13,23 @@
1.8
+
junit
junit
- 4.13.1
+ 4.12
test
+
+
+ org.apache.httpcomponents
+ httpclient
+ 4.0.2
+
+
+ https://github.com/openssl/openssl
+ openssl
+ 2.3.4
+
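Review bot: The new `openssl` dependency uses `https://github.com/openssl/openssl` as its groupId, which is not a Maven coordinate, so Maven will fail to resolve it from Maven Central and the build breaks unless a repository serving it is configured elsewhere. The XML element tags are stripped in this rendering, so the field roles are inferred from position. The hunk also downgrades junit from 4.13.1 to 4.12 and adds httpclient 4.0.2, both older releases; if these are deliberately seeded so the SCA scan has findings to report, a comment such as `<!-- intentionally outdated: SCA demo fixture -->` beside each would stop a later reviewer from "fixing" them.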
diff --git a/src/main/java/ForwardNullExample.java b/src/main/java/ForwardNullExample.java
index 9615ce06..48427e2f 100644
--- a/src/main/java/ForwardNullExample.java
+++ b/src/main/java/ForwardNullExample.java
@@ -1,6 +1,6 @@
public class ForwardNullExample {
public static Object callA() {
- // This causes a FORWARD_NULL defect report
+ // This causes a FORWARD_NULL defect report123
return testA(null);
}
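Review bot: The suffix `123` appended to the comment on the changed line reads as an accidental keystroke rather than documentation; the same applies to the `Hello Worldtest!` string in HelloWorld.java, which additionally changes program output. If the intent is only to produce a diff that triggers a scan, a comment saying so, or a note in the commit message, would keep the edits from being reverted as typos. callA is fully inside the hunk, but the enclosing class continues outside it.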
diff --git a/src/main/java/HelloWorld.java b/src/main/java/HelloWorld.java
index a9d0517a..a595c335 100644
--- a/src/main/java/HelloWorld.java
+++ b/src/main/java/HelloWorld.java
@@ -3,6 +3,6 @@ public static void main(String[] args) {
//String secret = "It's a secret to everybody.";
//try { javax.crypto.spec.SecretKeySpec keyspec = new javax.crypto.spec.SecretKeySpec(secret.getBytes("UTF-8"), "AES"); }
//catch (Exception e) { System.out.println("Something went wrong."); }
- System.out.println("Hello World!");
+ System.out.println("Hello Worldtest!");
}
}