chuckaude · jwaizguy · Aug 7, 2022 · Aug 7, 2022 · Aug 7, 2022 · Aug 7, 2022
diff --git a/.github/workflows/BitBucket-Polaris.yml b/.github/workflows/BitBucket-Polaris.yml
@@ -0,0 +1,42 @@
+name: CI-Polaris-
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: checkout-bitbucket
+        run: git clone https://[email protected]/jwpolaris/hello-java.git
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+           java-version: 11
+           distribution: microsoft
+           cache: maven
+      - name: Polaris Scan
+        uses: synopsys-sig/[email protected]
+        env:
+          DETECT_DETECTOR_SEARCH_DEPTH: 10
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+
+
+          ### SCANNING: Optional fields
+          polaris_application_name: AJW-${{ github.event.repository.name }}
+          # polaris_project_name: ${{ github.event.repository.name }}
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          polaris_prComment_enabled: true 
+          github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+
+          ### SARIF report parameters
+          polaris_reports_sarif_create: true
+          polaris_upload_sarif_report: true
diff --git a/.github/workflows/Blackduck-Polaris.yml b/.github/workflows/Blackduck-Polaris.yml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic 
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: microsoft
+          cache: maven
+      - name: NEW Polaris Scan 1
+        uses:  blackduck-inc/[email protected]
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+          polaris_application_name: "JWtest"
+          polaris_project_name: "hello-java"
+          polaris_branch_name: "main41"
+
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          # polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+          #polaris_prComment_enabled: true 
+          #github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+      #- name: Save Logs
+       # if: always()
+       # uses: actions/upload-artifact@v3
+       # with:
+        # name: bridge-logs
+         #path: ${{ github.workspace }}/.bridge/**/*.json
+
diff --git a/.github/workflows/Class1.yml b/.github/workflows/Class1.yml
@@ -0,0 +1,98 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub what a pitty
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ "main", "jw*.*" ]
+  pull_request:
+    branches: [ "main", "jw*.*" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Black Duck Security Scan
+      uses: blackduck-inc/[email protected]
+      with:
+         # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+          #  coverity_waitForScan: # optional
+    # Build command for Coverity
+          #  coverity_build_command: # optional
+    # Clean command for Coverity
+           # coverity_clean_command: # optional
+    # Coverity config file path (.yaml/.yml/.json)
+       # If provided, Black Duck Security Action will download specific version of coverity thin client to use.
+            #bridge_coverity_version: # optional
+            polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+            polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+            polaris_assessment_types: "SCA"
+            polaris_application_name: "JoseWaizman2"
+            polaris_project_name: "hello-java"
+            polaris_branch_name: "jw-13"
+    # Flag to enable pull request comments based on Polaris scan result
+            polaris_prComment_enabled: "true"
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+    # List of severities for which the PR Comments should be created
+            polaris_prComment_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+    # Polaris parent branch name
+            polaris_branch_parent_name: main
+    # Polaris test type to trigger signature scan or package manager scan
+            polaris_test_sca_type: "SCA-SIGNATURE"
+            # Flag to enable/disable Polaris SARIF report generation
+            polaris_reports_sarif_create: yes
+            # File path including file name where Polaris SARIF report should be created
+            # polaris_reports_sarif_file_path: # optional
+            # Indicates what SAST/SCA issues severity categories to include in Polaris SARIF file report
+            polaris_reports_sarif_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+            # Flag to enable/disable Component-Version grouping for SCA Issues in Polaris SARIF report rules section
+            # polaris_reports_sarif_groupSCAIssues: # optional
+    # Enum to indicate which assessment issues type to include in Polaris SARIF file report
+            # polaris_reports_sarif_issue_types: "SAST,SCA"
+        # Flag to enable/disable uploading of Polaris SARIF report to GitHub Advanced Security
+            polaris_upload_sarif_report: yes
+        # Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
+            # polaris_waitForScan: # optional
+          # The test mode type of this scan
+            # polaris_assessment_mode: # optional
+          # The project source directory. Defaults to repository root directory. Set this to specify a custom folder that is other than repository root
+            # project_directory: # optional
+          # The zipped source file path. It overrides the project directory setting
+            # project_source_archive: # optional
+          # Flag indicating whether to preserve symlinks in the source zip
+            # project_source_preserveSymLinks: # optional
+          # A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
+            # project_source_excludes: # optional
+          # Bridge CLI Install Directory
+            # bridgecli_install_directory: # optional
+          # URL to download bridge from
+            # bridgecli_download_url: # optional
+          # Github token to be used for git related rest operation
+            # github_token: # optional
+          # To include diagnostics info and export as zip
+            include_diagnostics: no
+          # Number of days to keep the diagnostics files downloadable
+            #diagnostics_retention_days: # optional
+          # To enable creation of badges on the GitHub repository for polaris
+            polaris_policy_badges_create: yes
+          # To limit number of badges to be displayed on the GitHub repository for polaris
+            # polaris_policy_badges_maxCount: # optional
+          # Specify the build status if policy violating issues are found.
+            #mark_build_status: "success"
+
+
diff --git a/.github/workflows/SynopsysDetect.yaml b/.github/workflows/SynopsysDetect.yaml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic 
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: NEW Polaris Scan 1
+        uses: synopsys-sig/[email protected]
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+          polaris_application_name: "JWtest"
+          polaris_project_name: "HelloJava"
+
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          #polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+          github_token: ${{ secrets.GIT_PAT }} # Required when PR comments is enabled
+          #polaris_reports_sarif_create: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+          polaris_reports_sarif_severities: "CRITICAL,HIGH,MEDIUM,LOW"
+          polaris_reports_sarif_groupSCAIssues: true
+          polaris_reports_sarif_create: true
+          polaris_upload_sarif_report: true
+          polaris_reports_sarif_issue_types: 'SCA, SAST' 
+          # polaris_upload_sarif_report: ${{ github.event_name != 'pull_request' && 'true' || 'false' }}
+
+
+      #- name: Save Logs
+       # if: always()
+       # uses: actions/upload-artifact@v3
+       # with:
+        # name: bridge-logs
+         #path: ${{ github.workspace }}/.bridge/**/*.json
+
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
@@ -21,7 +21,11 @@ jobs:
     - uses: actions/setup-java@v1
       with:
         java-version: 11
+
     - name: Black Duck Scan
       uses: blackducksoftware/github-action@v2
       with:
         args: --detect.project.name=$PROJECT --detect.project.version.name=$BRANCH --detect.excluded.detector.types=GRADLE
+    - name: Upload to CoPilot
+      if: github.event_name == 'push' || github.event_name == 'pull_request'
+      run: bash <(curl -s https://copilot.blackducksoftware.com/ci/githubactions/scripts/upload)
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
@@ -0,0 +1,39 @@
+name: CI-Polaris-1
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+           java-version: 11
+           distribution: microsoft
+           cache: maven
+      - name: Polaris Scan
+        uses: synopsys-sig/[email protected]
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+
+          ### SCANNING: Optional fields
+          polaris_application_name: AJW-${{ github.event.repository.name }}
+          # polaris_project_name: ${{ github.event.repository.name }}
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          polaris_prComment_enabled: true 
+          github_token: ${{ secrets.GIT_PAT }} # Required when PR comments is enabled
+
+          ### SARIF report parameters
+          polaris_reports_sarif_create: true
+          polaris_upload_sarif_report: true
diff --git a/.github/workflows/demoyml b/.github/workflows/demoyml
@@ -0,0 +1,37 @@
+name: CI-Polaris-Jose
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Polaris Scan
+        uses: synopsys-sig/[email protected]
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+
+          ### SCANNING: Optional fields
+          # polaris_application_name: ${{ github.event.repository.name }}
+          # polaris_project_name: ${{ github.event.repository.name }}
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          # polaris_prComment_enabled: true 
+          # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+
+          polaris_reports_sarif_create: true  
+          # polaris_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path (including file name) where SARIF report is created.
+          polaris_reports_sarif_severities: "CRITICAL,HIGH"
+          polaris_reports_sarif_groupSCAIssues: true 
+          polaris_reports_sarif_issue_types: 'SCA, SAST' 
+          polaris_upload_sarif_report: true 
+          github_token: ${{ secrets.GITHUB_TOKEN }} # Required when polaris_upload_sarif_report is set as true
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,44 @@
+name: CI-Polaris-Basic 
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: microsoft
+          cache: maven
+      - name: NEW Polaris Scan 1
+        uses: synopsys-sig/[email protected]
+        with:
+          ### SCANNING: Required fields
+          polaris_server_url: ${{ secrets.POLARIS_SERVER_URL }}
+          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+          polaris_assessment_types: "SCA,SAST"
+          polaris_application_name: "JWtest"
+          polaris_project_name: "HelloJava"
+          polaris_branch_name: "main"
+
+
+          ### PULL REQUEST COMMENTS: Uncomment below to enable
+          polaris_prComment_enabled: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+          polaris_prComment_enabled: true 
+          github_token: ${{ secrets.git_pat }} # Required when PR comments is enabled
+
+      #- name: Save Logs
+       # if: always()
+       # uses: actions/upload-artifact@v3
+       # with:
+        # name: bridge-logs
+         #path: ${{ github.workspace }}/.bridge/**/*.json
+