Skip to content

harness-community/drone-synopsys-detect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
docker
docker
 
 
plugin
plugin
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Synopsys-detect plugin

Synopsis

This repository contains a plugin for running Synopsys Detect or Black Duck scans using a Go application packaged in a Docker container.

Plugin Image

The plugin plugins/synopsys-detect is available for the following architectures:

OS Tag
linux-amd64/arm64 or windows-amd64 latest
linux/amd64 linux-amd64
linux/arm64 linux-arm64
windows/amd64 windows-amd64

Parameters

Parameter Comments
blackduck_url
required		 The URL of the Black Duck server.
blackduck_token
required		 The API token for accessing the Black Duck server.
blackduck_project
required		 The name of the project in Blackduck.
blackduck_offline_mode
optional bool		 Offline Mode: This can disable Black Duck communication - if set to true, Synopsys Detect will not upload BDIO files, or check policies, and it will not download and install the signature scanner.
blackduck_test_connection
optional bool		 Test the connection to Black Duck with the current configuration.
blackduck_offline_bdio
optional bool		 This property will force Detect in offline mode to generate a BDIO even if no code locations were identified.
blackduck_trust_certs
optional bool		 If true, automatically trust the certificate for the current run of Detect only.
blackduck_timeout
optional int		 The amount of time in seconds Detect will wait for network connection, for scans to finish, and to generate reports.
blackduck_scan_mode
optional		 Set the Black Duck scanning mode of Detect. Acceptable Values: RAPID, STATELESS, INTELLIGENT.
bLackduck_properties
optional		 Additional properties to pass to the Synopsys Detect script.

Building

Build the plugin image:

# building go binaries
./scripts/build.sh

# downloading synopsys-detect jar file
./scripts/download_detect.sh

Examples

docker run --rm \
    -e PLUGIN_BLACKDUCK_URL="$PLUGIN_BLACKDUCK_URL" \
    -e PLUGIN_BLACKDUCK_TOKEN="$PLUGIN_BLACKDUCK_TOKEN" \
    -e PLUGIN_BLACKDUCK_PROJECT="$PLUGIN_BLACKDUCK_PROJECT" \
    -e PLUGIN_PROPERTIES="$PLUGIN_PROPERTIES" \
    plugins/synopsys-detect:latest


# Plugin YAML
- step:
    type: Plugin
    name: synopsys-detect-plugin-arm64
    identifier: synopsys-detect-plugin-arm64
    spec:
        connectorRef: harness-docker-connector
        image: plugins/synopsys-detect:linux-arm64
        settings:
            blackduck_url: https://abcd.blackduck.com/
            blackduck_token: some_token
            blackduck_project: test
       

- step:
    type: Plugin
    name: synopsys-detect-plugin-amd64
    identifier: synopsys-detect-plugin-amd64
    spec:
        connectorRef: harness-docker-connector
        image: plugins/synopsys-detect:linux-amd64
        settings:
            blackduck_url: https://abcd.blackduck.com/
            blackduck_token: some_token
            blackduck_project: test
            
            
- step:
    type: Plugin
    name: synopsys-detect-plugin-windows-amd64
    identifier: synopsys-detect-plugin-windows-amd64
    spec:
        connectorRef: harness-docker-connector
        image: plugins/synopsys-detect:windows-amd64
        settings:
            blackduck_url: https://abcd.blackduck.com/
            blackduck_token: some_token
            blackduck_project: test

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages