-
Notifications
You must be signed in to change notification settings - Fork 18
/
action.yml
253 lines (253 loc) · 10 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
name: 'Synopsys Action'
branding:
icon: 'shield'
color: 'purple'
description: 'Deprecated:Please use Black Duck Security Scan "https://github.com/marketplace/actions/black-duck-security-scan"'
author: 'Synopsys Inc'
inputs:
coverity_url:
description: 'Coverity url'
required: false
coverity_user:
description: 'Coverity user name'
required: false
coverity_passphrase:
description: 'Coverity password'
required: false
coverity_project_name:
description: 'Coverity Project Name'
required: false
coverity_stream_name:
description: 'Coverity Stream Name'
required: false
coverity_install_directory:
description: 'Coverity Install Directory'
required: false
coverity_policy_view:
description: 'Coverity Policy View'
required: false
coverity_repository_name:
description: 'Repository Name'
required: false
coverity_branch_name:
description: 'Branch name'
required: false
coverity_local:
description: 'Flag to enable/disable to run coverity scan locally.'
required: false
coverity_version:
description: 'If provided, Synopsys Action will download specific version of coverity thin client to use.'
required: false
coverity_prComment_enabled:
description: 'Flag to enable pull request comments for new issues found in the Coverity scan'
required: false
coverity_waitForScan:
description: 'Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.'
required: false
coverity_build_command:
description: 'Build command for Coverity'
required: false
coverity_clean_command:
description: 'Clean command for Coverity'
required: false
coverity_config_path:
description: 'Coverity config file path (.yaml/.yml/.json)'
required: false
coverity_args:
description: 'Additional Coverity Arguments separated by space'
required: false
bridge_coverity_version:
description: 'If provided, Synopsys Action will download specific version of coverity thin client to use.'
required: false
polaris_access_token:
description: 'Polaris Access Token'
required: false
polaris_application_name:
description: 'Polaris Application Name'
required: false
polaris_project_name:
description: 'Polaris Project Name'
required: false
polaris_assessment_types:
description: 'Polaris Assess Types SAST/SCA'
required: false
polaris_server_url:
description: 'Polaris Server URL'
required: false
polaris_prComment_enabled:
description: 'Flag to enable pull request comments based on Polaris scan result'
required: false
polaris_prComment_severities:
description: 'List of severities for which the PR Comments should be created'
required: false
polaris_triage:
description: 'Polaris Triage'
required: false
polaris_branch_name:
description: 'Polaris branch name'
required: false
polaris_branch_parent_name:
description: 'Polaris parent branch name'
required: false
polaris_test_sca_type:
description: 'Polaris test type to trigger signature scan or package manager scan'
required: false
polaris_reports_sarif_create:
description: 'Flag to enable/disable Polaris SARIF report generation'
required: false
polaris_reports_sarif_file_path:
description: 'File path including file name where Polaris SARIF report should be created'
required: false
polaris_reports_sarif_severities:
description: 'Indicates what SAST/SCA issues severity categories to include in Polaris SARIF file report'
required: false
polaris_reports_sarif_groupSCAIssues:
description: 'Flag to enable/disable Component-Version grouping for SCA Issues in Polaris SARIF report rules section'
required: false
polaris_reports_sarif_issue_types:
description: 'Enum to indicate which assessment issues type to include in Polaris SARIF file report'
required: false
polaris_upload_sarif_report:
description: 'Flag to enable/disable uploading of Polaris SARIF report to GitHub Advanced Security'
required: false
polaris_waitForScan:
description: 'Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.'
required: false
polaris_assessment_mode:
description: 'The test mode type of this scan'
required: false
project_directory:
description: 'The project source directory. Defaults to repository root directory. Set this to specify a custom folder that is other than repository root'
required: false
project_source_archive:
description: 'The zipped source file path. It overrides the project directory setting'
required: false
project_source_preserveSymLinks:
description: 'Flag indicating whether to preserve symlinks in the source zip'
required: false
project_source_excludes:
description: 'A list of git ignore pattern strings that indicate the files need to be excluded from the zip file'
required: false
synopsys_bridge_install_directory:
description: 'Synopsys Bridge Install Directory'
required: false
synopsys_bridge_download_url:
description: 'URL to download bridge from'
required: false
blackduck_url:
description: 'URL for blackduck hub'
required: false
blackduck_token:
description: 'API token to access blackduck'
required: false
blackduck_install_directory:
description: 'Directory to find or install detect'
required: false
blackduck_scan_full:
description: 'Scan Mode. (true for intelligent scan & false for rapid scan)'
required: false
blackduck_scan_failure_severities:
description: 'If provided, Blackduck will break the build if any issues produced match one of the given severities'
required: false
blackduck_automation_fixpr:
description: 'If set as true, separate Fix PRs will be created if vulnerability is found after scan'
required: false
blackduck_fixpr_enabled:
description: 'Flag to enable/disable the automatic fix pull request creations for Black Duck'
required: false
blackduck_fixpr_maxCount:
description: 'Maximum number of Pull Requests to be created that violate policies'
required: false
blackduck_fixpr_filter_severities:
description: 'If provided, Fix PRs will be created only for given severities'
required: false
blackduck_fixpr_useUpgradeGuidance:
description: 'Flag to enable long term upgrade guidance'
required: false
synopsys_bridge_download_version:
description: 'If provided, Synopsys-action will configure the version of Bridge'
required: false
blackduck_prComment_enabled:
description: 'Flag to enable pull request comments for new issues found in the Black Duck scan'
required: false
blackduck_reports_sarif_create:
description: 'Flag to enable/disable Black Duck SARIF report generation'
required: false
blackduck_reports_sarif_file_path:
description: 'File path including file name where Black Duck SARIF report should be created'
required: false
blackduck_reports_sarif_severities:
description: 'Indicates what SAST/SCA issues severity categories to include in Black Duck SARIF file report'
required: false
blackduck_reports_sarif_groupSCAIssues:
description: 'Flag to enable/disable Component-Version grouping for SCA Issues in Black Duck SARIF report rules section'
required: false
blackduck_upload_sarif_report:
description: 'Flag to enable/disable uploading of Black Duck SARIF report to GitHub Advanced Security'
required: false
blackduck_waitForScan:
description: 'Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.'
required: false
blackduck_search_depth:
description: 'Number indicating the search depth in the source directory'
required: false
blackduck_args:
description: 'Additional Black Duck Arguments separated by space'
required: false
blackduck_config_path:
description: 'Black Duck config file path (.properties/.yml)'
required: false
blackduck_policy_badges_create:
description: 'To enable creation of badges on the GitHub repository'
required: false
blackduck_policy_badges_maxCount:
description: 'To limit number of badges to be displayed on the GitHub repository'
required: false
srm_url:
description: 'SRM Url'
required: false
srm_apikey:
description: 'SRM Api Key'
required: false
srm_assessment_types:
description: 'SRM Assessment Types'
required: false
srm_project_name:
description: 'SRM project name'
required: false
srm_branch_name:
description: 'SRM branch name'
required: false
srm_project_id:
description: 'SRM branch Id'
required: false
srm_branch_parent:
description: 'SRM branch parent'
required: false
srm_waitForScan:
description: 'Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.'
required: false
coverity_execution_path:
description: 'Coverity execution path'
required: false
blackduck_execution_path:
description: 'Black Duck execution path'
required: false
github_token:
description: 'Github token to be used for git related rest operation'
required: false
include_diagnostics:
description: 'To include diagnostics info and export as zip'
required: false
diagnostics_retention_days:
description: 'Number of days to keep the diagnostics files downloadable'
required: false
bridge_network_airgap:
description: 'If provided, Synopsys Action will be using local network to download and execute bridge .'
required: false
network_airgap:
description: 'If provided, Synopsys Action will be using local network to download and execute bridge .'
required: false
runs:
using: 'node20'
main: 'dist/index.js'