Skip to content

CHEF-31151: enable Polaris integration #1001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Nik08 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

CHEF-31151: enable Polaris integration #1001

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions .github/workflows/ci-main-pull-request-stub.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,15 +117,15 @@ jobs:

# BlackDuck SAST (Polaris) require a build or binary present in repo to do SAST testing
# requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN
perform-blackduck-polaris: false
perform-blackduck-polaris: true
polaris-application-name: "Chef-Agents" # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product
polaris-project-name: ${{ github.event.repository.name }} # arch-sample-cli
polaris-working-directory: '.' # Working directory for the scan, defaults to . but usually lang-dependent like ./src
polaris-coverity-build-command: 'go build -o bin/chef-cli.exe' # Coverity build command, typically done in build stage by language or here as param 1-liner like "mvn clean install"
polaris-coverity-clean-command: 'go clean' # Coverity clean command, typically done before build stage by language or here as param 1-liner like "mvn clean"
polaris-detect-search-depth: '5' # Detect search depth, blank but can be set to "3" to search up to 3 levels of subdirectories for code to scan'
polaris-assessment-mode: 'SAST' # Assessment mode (SAST, CI or SOURCE_UPLOAD)
wait-for-scan: true
# polaris-working-directory: '.' # Working directory for the scan, defaults to . but usually lang-dependent like ./src
# polaris-coverity-build-command: 'go build -o bin/chef-cli.exe' # Coverity build command, typically done in build stage by language or here as param 1-liner like "mvn clean install"
# polaris-coverity-clean-command: 'go clean' # Coverity clean command, typically done before build stage by language or here as param 1-liner like "mvn clean"
# polaris-detect-search-depth: '5' # Detect search depth, blank but can be set to "3" to search up to 3 levels of subdirectories for code to scan'
# polaris-assessment-mode: 'SAST' # Assessment mode (SAST, CI or SOURCE_UPLOAD)
# wait-for-scan: true
# polaris-detect-args: '' # Additional Detect arguments, can supply extra arguments like "--detect.diagnostic=true"
# coverity_build_command: "go build"
# coverity_clean_command: "go clean"
Expand Down
Loading