build(deps): Bump blackduck-inc/black-duck-security-scan from 2.3.0 to 2.4.0 (#1300)

dependabot[bot] · web-flow · commit a6e62a085644 · 2025-09-15T10:06:56.000-07:00
Bumps [blackduck-inc/black-duck-security-scan](https://github.com/blackduck-inc/black-duck-security-scan) from 2.3.0 to 2.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/blackduck-inc/black-duck-security-scan/releases">blackduck-inc/black-duck-security-scan's releases</a>.</em></p> <blockquote> <h2>Black Duck Security Scan v2.4.0</h2> <p>Polaris Local scan Analysis changes</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/5abc793768e083888eea96408638dc1e0dbdde6a"><code>5abc793</code></a> Merge pull request <a href="https://redirect.github.com/blackduck-inc/black-duck-security-scan/issues/107">#107</a> from blackduck-inc/action_version_update_2.4.0</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/9ce44e9e807260df27dcb2594ffdc48b98795cca"><code>9ce44e9</code></a> upgrade action version to 2.4.0 [skip ci]</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/732498a8e2b5f74d02b69fa6590ba08475ea1677"><code>732498a</code></a> Polaris Assesment mode resource deprecarion message is updated to INFO Log</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/d8845652310094769bfc6d5e17c1c38cd16c5f11"><code>d884565</code></a> Updated Log message</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/04896d3bc1d8cb9c6168fa7e82bd5f3c82ae9d4f"><code>04896d3</code></a> Updated INFO Message</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/b1878a78a40d18fffbea60664c23f1bc5780258a"><code>b1878a7</code></a> Updated Info message to assessment mode deprecation</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/d639193262ba0110721725fb6cf256b850c03d4a"><code>d639193</code></a> Updated action.yml</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/34a0fe01c2306d8dd802b781a8b565c812d8b611"><code>34a0fe0</code></a> Updated Deprecated resource name in action.yml</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/259d84fa6bc95eb4e416b318bef7d96df203cc04"><code>259d84f</code></a> Updated Action.yml</li> <li><a href="https://github.com/blackduck-inc/black-duck-security-scan/commit/57aa8d8626f2d5be195bdb025f44f0254c229e2f"><code>57aa8d8</code></a> Removed polaris_assessment_mode resource from action.yml</li> <li>Additional commits viewable in <a href="https://github.com/blackduck-inc/black-duck-security-scan/compare/v2.3.0...v2.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=blackduck-inc/black-duck-security-scan&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/blackduck.yaml b/.github/workflows/blackduck.yaml
@@ -61,7 +61,7 @@ jobs:
 
       - name: Black Duck Full Scan
         if: ${{ github.event_name != 'pull_request' }}
-        uses: blackduck-inc/black-duck-security-scan@v2.3.0
+        uses: blackduck-inc/black-duck-security-scan@v2.4.0
         with:
           blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
           blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
@@ -71,7 +71,7 @@ jobs:
 
       - name: Black Duck PR Scan
         if: ${{ github.event_name == 'pull_request' }}
-        uses: blackduck-inc/black-duck-security-scan@v2.3.0
+        uses: blackduck-inc/black-duck-security-scan@v2.4.0
         env:
           DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
         with:
