Add policy compliance scan to the repository #5

40 changes: 40 additions & 0 deletions .github/workflows/policy_compliance.yml
@@ -0,0 +1,40 @@
# Copyright (c) 2024 Analog Devices, Inc.
# SPDX-License-Identifier: Apache-2.0

name: ADI HAL_ADI Policy Compliance Scan

on:
workflow_dispatch:
push:
branches:
- develop
- main
- release*
- policy-compliance-scan

jobs:
perform-scan:
name: Scan sources for policy compliance
runs-on: [ubuntu-latest]
environment: policy-scan # envrionment to handle secrets and restrictions
steps:
- name: Run policy compliance scan
uses: synopsys-sig/[email protected]
env:
# name and version of a corresponding Black Duck project
# project name for first-time projects should correspond to
# component's name in catalog-info.yaml file
DETECT_PROJECT_NAME: oa_hal_adi_analogdevicesinc
# version should correspond to
# components's version in catalog-info.yaml file
DETECT_PROJECT_VERSION_NAME: ${{ github.ref_name }}
# standard set of scan parameters
DETECT_BLACKDUCK_SIGNATURE_SCANNER_LICENSE_SEARCH: true
DETECT_BLACKDUCK_SIGNATURE_SCANNER_COPYRIGHT_SEARCH: true
DETECT_BLACKDUCK_SIGNATURE_SCANNER_INDIVIDUAL_FILE_MATCHING: ALL
DETECT_EXCLUDED_DETECTOR_TYPES: GIT
with:
blackduck_url: ${{ vars.BLACKDUCK_URL }} # configured as GH environment variable
blackduck_token: ${{ secrets.BLACKDUCK_TOKEN }} # configured as GH environment secret
blackduck_waitForScan: true
blackduck_args: "--detect.policy.check.fail.on.severities=BLOCKER,CRITICAL --detect.timeout=900"
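Review bot: the `uses: synopsys-sig/...` step is referenced by a mutable tag, yet it receives `secrets.BLACKDUCK_TOKEN` and runs over the checked-out sources; pin the action to a full commit SHA (with the tag kept in a trailing comment) so a retagged or compromised release of the action cannot silently change what this workflow executes with that secret. Two smaller points in the same hunk: the comment on the `environment: policy-scan` line misspells "envrionment", and since the `push` trigger includes the glob `release*` alongside the named branches, it is worth confirming in the PR description that the `policy-scan` environment's branch restrictions match that list, otherwise the scan will fail on secret access for any branch the environment does not allow.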