Black Duck Security Scan

Find and fix software weaknesses and vulnerabilities during development, before you ship or deploy
v2.0.0
Latest

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

Black Duck Security Scan

NOTE: If you are currently using the old Synopsys Action, please follow these instructions to migrate from Synopsys Action to this new Black Duck Security Scan Action.

Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. Black Duck Security Action leverages Bridge CLI, a foundational piece of technology that has built-in knowledge of how to run all major Black Duck security testing solutions, plus common workflows for platforms like GitHub.

To use Black Duck Security Action, please follow the steps below:

  1. Configure GitHub as described in the GitHub Prerequisites page.

  2. Install and configure Black Duck Security Action for the Black Duck product you are using.
    Polaris
    Black Duck SCA
    Coverity
    SRM

  3. For additional configuration options, visit the Additional GitHub Configuration page.

As an alternative to Black Duck Security Action, you also have the option to use Bridge CLI.
Detailed documentation for Bridge CLI can be found here.

Black Duck Security Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
