CID-3003: Add BlackDuck scanning

mohamedlajmileanix · mohamedlajmileanix · commit 228d4cdf83af · 2025-01-16T18:40:58.000+01:00
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
@@ -0,0 +1,38 @@
+name: blackduck-scan
+
+concurrency:
+  group: blackduck-scan-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 0 23 * * *
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+      - run: git fetch --depth=1
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile --ignore-engines
+      - run: sudo apt-get install jq
+      - run: echo "project_version=LeanIX_Release_2503" >> $GITHUB_ENV
+      - name: Blackduck Scan
+        uses: SAP/project-piper-action@27cadf261545552a68660531476c0915a97ee3d8
+        with:
+          command: detectExecuteScan
+          flags: \
+            --version=$PROJECT_VERSION \
+            --excludedDirectories=test-packages
+        env:
+          PIPER_token: ${{ secrets.BLACKDUCK_TOKEN }}
+          PROJECT_VERSION: ${{ env.project_version }}
+          DETECT_TIMEOUT: 6000
+          DETECT_YARN_EXCLUDED_WORKSPACES: test-packages/**
+          DETECT_YARN_DEPENDENCY_TYPES_EXCLUDED: NON_PRODUCTION
