@@ -662,6 +662,47 @@ iot-vsocket-psa-crypto-mbedtls-test:
662662 variables :
663663 GIT_SUBMODULE_STRATEGY : recursive
664664
665+ # #######################
666+ # Black Duck scan #
667+ # #######################
668+ black-duck :
669+ tags :
670+ - iotmsw-amd64
671+ variables :
672+ GIT_SUBMODULE_STRATEGY : none
673+ rules :
674+ - if : ( $SCHEDULED_JOB_TO_RUN == "run-blackduck-scan" )
675+ script :
676+ - export PROJECTNAME="${BLACKDUCK_PROJECT_NAME}"
677+ - apt update -y
678+ - apt install default-jdk -y
679+ - echo "-------Starting Black Duck Scan-------"
680+ - bash <(curl -s -L ${BLACKDUCK_DETECT_SCRIPT})
681+ --blackduck.url="${BLACKDUCK_URL}"
682+ --blackduck.api.token="${BLACKDUCK_API_TOKEN}"
683+ --detect.source.path="."
684+ --detect.project.name="${PROJECTNAME}"
685+ --detect.project.version.name="${CI_COMMIT_REF_NAME}"
686+ --detect.project.tags=security_scan
687+ --detect.project.version.phase=DEVELOPMENT
688+ --detect.project.version.distribution=OPENSOURCE
689+ --detect.project.version.update=true
690+ --detect.cleanup=false
691+ --detect.impact.analysis.enabled=true
692+ --detect.binary.scan.search.depth=05
693+ --detect.blackduck.scan.mode=INTELLIGENT
694+ --detect.blackduck.signature.scanner.individual.file.matching=ALL
695+ --detect.blackduck.signature.scanner.copyright.search=true
696+ --detect.blackduck.signature.scanner.license.search=true
697+ --detect.blackduck.signature.scanner.snippet.matching=SNIPPET_MATCHING
698+ --detect.blackduck.signature.scanner.upload.source.mode=true
699+ - tar -czf fri-bd-scan-results.tar.gz -C /root/blackduck/runs .
700+ artifacts :
701+ paths :
702+ - fri-bd-scan-results.tar.gz
703+ expire_in : 1 week
704+ when : always
705+
665706# The clean up only happens once daily when the `Daily OTA cleanup`
666707# scheduled pipeline sets the `SCHEDULED_JOB_TO_RUN` variable to `cleanup`.
667708aws-cleanup :
0 commit comments