# example workflow for Black Duck scans using the Detect CLI

name: bd-detect-cli

on:

push:

branches: [ main, master, develop, stage, release ]

pull_request:

branches: [ main, master, develop, stage, release ]

workflow_dispatch:

jobs:

blackduck:

runs-on: ubuntu-latest

steps:

- name: Checkout Source

uses: actions/checkout@v4

- name: Setup Java JDK

uses: actions/setup-java@v4

with:

java-version: 17

distribution: microsoft

cache: maven

- name: Maven Build

run: mvn -B -DskipTests package

- name: Black Duck Scan

env:

BLACKDUCK_URL: ${{ vars.BLACKDUCK_URL }}

BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN }}

DETECT_PROJECT_NAME: ${{ github.event.repository.name }}

DETECT_PROJECT_VERSION_NAME: ${{ github.ref_name }}

DETECT_CODE_LOCATION_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }}

run: |

curl -fLsS -o ${{ runner.temp }}/detect9.sh https://detect.synopsys.com/detect9.sh && chmod +x ${{ runner.temp }}/detect9.sh

${{ runner.temp }}/detect9.sh --detect.policy.check.fail.on.severities=BLOCKER