Security Scans #186

Workflow file for this run

.github/workflows/security.yml at 38a34d7

	name: Security Scans

	on:
	workflow_dispatch:
	workflow_call:

	jobs:
	codedx-scans:
	name: Run CodeDx Scans
	runs-on: [self-hosted, Linux]

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Run Dependency Check Scans
	uses: dependency-check/[email protected]
	with:
	project: "uikit"
	path: "."
	format: "XML"

	- name: Upload Reports to CodeDX
	run: .github/scripts/codedx-upload.sh
	env:
	CODE_DX_URL: "${{ secrets.CODE_DX_URL }}"
	CODE_DX_API_KEY: ${{ secrets.CODE_DX_API_KEY }}
	CODE_DX_PROJECT_ID: 120

	black-duck-scans:
	name: Run Black Duck Scans
	runs-on: [self-hosted, Linux]
	strategy:
	fail-fast: false
	matrix:
	PACKAGE: ["code-editor", "core", "icons"]

	#, "lab", "shared", "styles", "uno-preset", "viz"]

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 18

	# ==========================
	# code-editor (npm package)
	# ==========================

	# Install dependencies inside each package so blackduck can scan them
	# To do this we need to remove the package.json and package-lock.json from the root
	- name: Prepare packages for Blackduck scan
	uses: lumada-common-services/[email protected]
	with:
	command: \|
	rm -rf node_modules package.json package-lock.json && \
	cd packages/${{ matrix.PACKAGE }} && npm i

	- name: Get BlackDuck project name
	run: echo "BLACKDUCK_PROJECT=$(./.github/scripts/getBlackduckProject.sh ${{ matrix.PACKAGE }})" >> $GITHUB_ENV

	- name: Get BlackDuck project version
	run: echo "PROJECT_VERSION=$( npm pkg get version --workspaces=false \| tr -d '"' )" >> $GITHUB_ENV
	working-directory: packages/${{ matrix.PACKAGE }}

	- name: Load blackduck project properties
	shell: bash
	run: echo "BLACKDUCK_ARGS=$(.github/scripts/getBlackduckArgs ${{ matrix.PACKAGE }})" >> $GITHUB_ENV

	- name: Blackduck Scan
	uses: lumada-common-services/[email protected]
	env:
	BLACKDUCK_DOCKER_USERNAME: hvservices-service-cicd
	BLACKDUCK_DOCKER_PASSWORD: ${{ secrets.ARTIFACTORY_HVSERVICES_CICD_TOKEN }}
	BlackDuck_Project_Name: "@hitachivantara/uikit-${{ env.BLACKDUCK_PROJECT }}"
	BlackDuck_Source_Path: /workdir/packages
	BlackDuck_Project_Version: "${{ env.PROJECT_VERSION }}"
	BlackDuck_Api_Token: "${{ secrets.BLACKDUCK_TOKEN }}"
	BlackDuck_Url: "${{ secrets.BLACKDUCK_URL }}"
	ADDITIONAL_ARGS: "${{ env.BLACKDUCK_ARGS }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Scans #186

Workflow file

Security Scans #186

Jobs

Run details

Workflow file for this run