forked from synopsys-sig/detect-action
action.yml
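# Metadata for a JavaScript GitHub Action that runs a Black Duck Detect scan.
# The nesting below is required: with every key at column 0, `description`,
# `required` and `default` repeat at the top level and the block scalars
# have no body.
name: 'Synopsys Detect Scan Action'
branding:
  icon: 'shield'
  color: 'purple'
description: 'A GitHub action to perform a Black Duck Detect scan and record the results'
# Action inputs are delivered as strings, which is why the boolean-like
# defaults below are quoted.
inputs:
  # Credential. Pass it from the workflow's secrets/github context, never
  # as a literal. The action can comment on pull requests (see
  # comment-pr-on-success), so the token presumably needs write access to
  # pull requests - TODO confirm the exact scopes against the action's code
  # and grant only those in the workflow's `permissions:` block.
  github-token:
    description: 'Your GitHub token'
    required: true
  # Leaving this empty selects the latest Detect release, so the scanner
  # that runs can change between workflow runs. Pin a full version where
  # reproducible scan results matter.
  detect-version:
    description: |-
      Detect version to be used on Black Duck scan.
      The following input patterns are allowed:
      - A full version (e.g. 8.4.0) to scan using that exact version.
      - A major version (e.g. 8) to scan using the latest version of the given major.
      - Empty or not specified, to scan using the latest version of Detect.
    required: false
  # Endpoint that receives the API token below; callers should use an
  # https:// URL.
  blackduck-url:
    description: 'Url of Black Duck instance'
    required: true
  # Credential. Supply it from an encrypted secret, never inline in the
  # workflow file.
  blackduck-api-token:
    description: 'API Token for Black Duck instance'
    required: true
  # Per the description, the default RAPID mode does not persist results,
  # so a RAPID run leaves no record on the Black Duck side.
  scan-mode:
    description: |-
      Configures how Detect is invoked. When specified use one of the following:
      - RAPID: will not persist the results and disables selected Detect functionality for faster results.
      - INTELLIGENT: persists the results and allows all features of Detect.
    required: false
    default: 'RAPID'
  # With the default 'false', violations below BLOCKER/CRITICAL severity do
  # not fail the action.
  fail-on-all-policy-severities:
    description: |-
      By default, Detect will only fail on policy violations with BLOCKER or CRITICAL severities.
      This flag will cause the action to fail on all policy severities.
    required: false
    default: 'false'
  output-path-override:
    description: 'Override for where to output Detect files, default is $RUNNER_TEMP/blackduck/'
    required: false
  # SECURITY: the default is 'true', so per the description a Black Duck
  # certificate that is not in the keystore is still trusted. The API token
  # is presumably sent over that connection. Callers who can add the
  # server's CA to the keystore should set this to 'false'.
  # NOTE(review): consider making 'false' the default in a major release.
  detect-trust-cert:
    description: |-
      When set to true Detect will trust the Black Duck certificate
      even if the certificate is not in the keystore.
    required: false
    default: 'true'
  # SECURITY: the default is 'false', so a Detect run that exits with an
  # error code does not fail the action. When the scan is a required check,
  # set this to 'true' so that a broken scan cannot pass as a clean one.
  fail-if-detect-fails:
    description: 'Fail the action if detect exits with an error code'
    required: false
    default: 'false'
  comment-pr-on-success:
    description: 'Comment pull requests if no violations found'
    required: false
    default: 'true'
  # The three inputs below are Markdown bodies for the PR comment. Inside
  # the `|-` block scalar the leading `#` is a Markdown heading, not a YAML
  # comment.
  no-policy-violations-found-comment:
    description: 'PR comment to post when no policy violations are found'
    required: false
    # language=markdown
    default: |-
      # :white_check_mark: Black Duck - None of your dependencies violate policy!
  policy-violations-found-comment-warning:
    description: 'Warning PR comment to post when policy violations are found'
    required: false
    # language=markdown
    default: |-
      # :warning: Black Duck - Found dependencies violating policy!
  policy-violations-found-comment-failure:
    description: 'Failure PR comment to post when policy violations are found'
    required: false
    # language=markdown
    default: |-
      # :x: Black Duck - Found dependencies violating policy!
outputs:
  detect-exit-code:
    description: 'A number indicating Detect exit code'
  detect-exit-code-name:
    description: 'The corresponding human name of the error code'
# dist/index.js is the entry point and runs with every input above,
# including both tokens. NOTE(review): confirm the file is rebuilt from the
# reviewed source on each release. Workflows should reference this action
# by a full commit SHA.
runs:
  using: 'node20'
  main: 'dist/index.js'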