synopsys-sig · sadmananik · Aug 30, 2024 · Sep 3, 2024 · Sep 3, 2024 · Sep 3, 2024
diff --git a/.github/workflows/all-scans.yml b/.github/workflows/all-scans.yml
@@ -21,14 +21,14 @@ jobs:
     runs-on: [ubuntu-latest]
 
     env:
-      MAC_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-bridge/0.1.222/synopsys-bridge-0.1.222-macosx.zip"
-      LINUX_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-bridge/0.1.222/synopsys-bridge-0.1.222-linux64.zip"
-      WINDOWS_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-bridge/0.1.222/synopsys-bridge-0.1.222-win64.zip"
+      MAC_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/bridge-cli/0.1.222/bridge-cli-0.1.222-macosx.zip"
+      LINUX_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/bridge-cli/0.1.222/bridge-cli-0.1.222-linux64.zip"
+      WINDOWS_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/bridge-cli/0.1.222/bridge-cli-0.1.222-win64.zip"
 
     steps:
       #      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
-      - name: Use synopsys unified-action - running all scans
+      - name: Use Black Duck unified-action - running all scans
         # Use the action defined in this repository
         uses: ./
         with:
@@ -41,13 +41,13 @@ jobs:
           polaris_assessment_types: "SAST"
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
-          # Blackduck
-          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN_NEW }}
-          blackduck_scan_full: true
-          #blackduck_install_directory: "/root"
-          blackduck_scan_failure_severities: 'BLOCKER, CRITICAL, TRIVIAL'
-          blackduck_automation_fixpr: false
+          # BlackduckSCA
+          blackducksca_url: ${{ secrets.BLACKDUCK_SCA_URL }}
+          blackducksca_token: ${{ secrets.BLACKDUCK_SCA_TOKEN_NEW }}
+          detect_scan_full: true
+          #detect_install_directory: "/root"
+          blackducksca_scan_failure_severities: 'BLOCKER, CRITICAL, TRIVIAL'
+          blackducksca_fixpr_enabled: false
 
           #Coverity
           coverity_url: ${{ secrets.COVERITY_URL }}

diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v3
 
-      - name: Black Duck Full Scan
+      - name: Black Duck SAC Full Scan
         if: ${{ github.event_name != 'pull_request' }}
         uses: synopsys-sig/synopsys-action@v1.2.0
         # Use below configuration to set detect environment variables for your project
@@ -38,14 +38,14 @@ jobs:
         #   DETECT_CODE_LOCATION_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }}
         #   DETECT_EXCLUDED_DETECTOR_TYPES: 'GIT'
         with:
-          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
-          blackduck_scan_full: true
-          blackduck_scan_failure_severities: 'ALL'
+          blackducksca_url: ${{ secrets.BLACKDUCK_SCA_URL }}
+          blackducksca_token: ${{ secrets.BLACKDUCK_SCA_TOKEN }}
+          detect_scan_full: true
+          blackducksca_scan_failure_severities: 'ALL'
           ### Uncomment below configuration to enable autoamtic fix pull request creation if vulnerabilities are reported
-          # blackduck_automation_fixpr: true 
-          # github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackduck_automation_fixpr is set to 'true'
-          ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+          # blackducksca_fixpr_enabled: true 
+          # github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackducksca_fixpr_enabled is set to 'true'
+          ### Uncomment below configuration if Bridge CLI diagnostic files needs to be uploaded
           # include_diagnostics: true  
 
       - name: Black Duck PR Scan
@@ -58,12 +58,12 @@ jobs:
         #   DETECT_CODE_LOCATION_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }}
         #   DETECT_EXCLUDED_DETECTOR_TYPES: 'GIT'
         with:
-          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_SCA_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_SCA_TOKEN }}
           blackduck_scan_full: false
           blackduck_scan_failure_severities: 'ALL'
           ### Uncomment below configuration to enable feedback from Black Duck security testing as pull request comment
           # blackduck_automation_prcomment: true
           # github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackduck_automation_prcomment is set to 'true'
-          ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+          ### Uncomment below configuration if Bridge CLI diagnostic files needs to be uploaded
           # include_diagnostics: true  
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
@@ -25,10 +25,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set Node.js 12.x
+      - name: Set Node.js 16.x
         uses: actions/setup-node@v3
         with:
-          node-version: 12.x
+          node-version: 16.x
 
       - name: Install dependencies
         run: npm ci

diff --git a/.github/workflows/config_as_code/blackduck.yml b/.github/workflows/config_as_code/blackduck.yml
@@ -23,8 +23,8 @@ jobs:
     #    runs-on: [self-hosted, Linux, kishor-linux]
 
     env:
-      BRIDGE_blackduck_url: ${{ secrets.BLACKDUCK_URL }}
-      BRIDGE_blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN_NEW }}
+      BRIDGE_blackduck_url: ${{ secrets.BLACKDUCK_SCA_URL }}
+      BRIDGE_blackduck_token: ${{ secrets.BLACKDUCK_SCA_TOKEN }}
       BRIDGE_blackduck_install_directory: "/root"
       MAC_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-action/0.1.72/ci-package-0.1.72-macosx.zip"
       LINUX_BRIDGE_URL: "https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-action/0.1.72/ci-package-0.1.72-linux64.zip"
@@ -37,15 +37,15 @@ jobs:
       - uses: actions/checkout@v3
 
 
-      - name: Synopsys-action for Windows
+      - name: Blackduck-security-action for Windows
         if: ${{ runner.os == 'Windows' }}
         run: |
           Invoke-WebRequest -Uri ${{ env.WINDOWS_BRIDGE_URL }} -OutFile bridge.zip
           tar -xf bridge.zip
           .\bridge.exe --stage blackduck
         shell: powershell
 
-      - name: Synopsys-action for MAC
+      - name: Blackduck-security-action for MAC
         if: ${{  runner.os == 'macOS'  }}
         run: |
           var="$(which unzip)"
@@ -57,7 +57,7 @@ jobs:
           ./bridge --stage blackduck
         shell: bash
 
-      - name: Synopsys-action for Linux
+      - name: Blackduck-security-action for Linux
         if: ${{  runner.os == 'Linux'  }}
         run: |
           var="$(which unzip)"

diff --git a/.github/workflows/config_as_code/coverity.yml b/.github/workflows/config_as_code/coverity.yml
@@ -40,15 +40,15 @@ jobs:
     steps:
       #      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
-      - name: Synopsys-action for Windows
+      - name: Blackduck-security-action for Windows
         if: ${{ runner.os == 'Windows' }}
         run: |
           Invoke-WebRequest -Uri ${{ env.WINDOWS_BRIDGE_URL }} -OutFile bridge.zip
           tar -xf bridge.zip
           .\bridge.exe --stage connect
         shell: powershell
 
-      - name: Synopsys-action for MAC
+      - name: Blackduck-security-action for MAC
         if: ${{  runner.os == 'macOS'  }}
         run: |
           brew install unzip
@@ -57,7 +57,7 @@ jobs:
           ./bridge --stage connect
         shell: bash
 
-      - name: Synopsys-action for Linux
+      - name: Blackduck-security-action for Linux
         if: ${{  runner.os == 'Linux'  }}
         run: |
           apt install unzip

diff --git a/.github/workflows/config_as_code/polaris.yml b/.github/workflows/config_as_code/polaris.yml
@@ -36,15 +36,15 @@ jobs:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      - name: Synopsys-action for Windows
+      - name: Blackduck-security-action for Windows
         if: ${{ runner.os == 'Windows' }}
         run: |
           Invoke-WebRequest -Uri ${{ env.WINDOWS_BRIDGE_URL }} -OutFile bridge.zip
           tar -xf bridge.zip
           .\bridge.exe --stage polaris
         shell: powershell
 
-      - name: Synopsys-action for MAC
+      - name: Blackduck-security-action for MAC
         if: ${{  runner.os == 'macOS'  }}
         run: |
           brew install unzip
@@ -53,7 +53,7 @@ jobs:
           ./bridge --stage polaris
         shell: bash
 
-      - name: Synopsys-action for Linux
+      - name: Blackduck-security-action for Linux
         if: ${{  runner.os == 'Linux'  }}
         run: |
           sudo apt-get install unzip

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -47,7 +47,7 @@ jobs:
           # Mandatory for windows hosted environment
           # coverity_install_directory: "/root"
           bridge_download_url: ${{ env.LINUX_BRIDGE_URL }}
-          ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+          ### Uncomment below configuration if Bridge CLI diagnostic files needs to be uploaded
           # include_diagnostics: true    
 
       - name: Coverity PR Scan
@@ -64,5 +64,5 @@ jobs:
           ### Below configuration is used to enable feedback from Coverity security testing as pull request comment
           coverity_automation_prcomment: true
           github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when coverity_automation_prcomment is set to 'true'   
-          ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+          ### Uncomment below configuration if Bridge CLI diagnostic files needs to be uploaded
           # include_diagnostics: true      
diff --git a/README.md b/README.md
@@ -1,18 +1,17 @@
-# Synopsys Action
+# Black Duck Security Action
 
 ![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/synopsys-sig/synopsys-action?color=blue&label=Latest%20Version&sort=semver)
 
-Synopsys Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. 
-Synopsys Action leverages Synopsys Bridge, a foundational piece of technology that has built-in knowledge of how to run all major Synopsys security testing solutions, plus common workflows for platforms like GitHub.
+Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. Black Duck Security Action leverages Bridge-CLI, a foundational piece of technology that has built-in knowledge of how to run all major Synopsys security testing solutions, plus common workflows for platforms like GitHub.
 
-To use Synopsys Action, please follow the steps below:
+To use Black Duck Security Action, please follow the steps below:
 
 1. Configure GitHub as described in the [GitHub Prerequisites](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_github-prerequisites.html) page.
-2. Install and configure Synopsys Action for the Synopsys product you are using. <br/>
+2. Install and configure Black Duck Security Action for the Synopsys product you are using. <br/>
 [Polaris](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_github-polaris.html) <br/>
 [Black Duck](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_github-blackduck.html)  <br/>
 [Coverity](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_github-coverity.html) <br/>
 3. For additional configuration options, visit the [Additional GitHub Configuration](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_additional-github-parameters.html) page.
 
-As an alternative to Synopsys Action, you also have the option to use Synopsys Bridge CLI. <br/>
-Detailed documentation for Synopsys Bridge CLI can be found [here](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_overview.html).
+As an alternative to Black Duck Security Action, you also have the option to use Black Duck Bridge CLI. <br/>
+Detailed documentation for Black Duck Bridge CLI can be found [here](https://sig-product-docs.synopsys.com/bundle/bridge/page/documentation/c_overview.html).
diff --git a/action.yml b/action.yml
@@ -1,9 +1,9 @@
-name: 'Synopsys Action'
+name: 'Black Duck Security Action'
 branding:
   icon: 'shield'
   color: 'purple'
 description: 'Find and fix software weaknesses and vulnerabilities during development, before you ship or deploy!'
-author: 'Synopsys Inc'
+author: 'Black Duck Software, Inc.'
 inputs:
   coverity_url:
     description: 'Coverity url'
@@ -36,7 +36,7 @@ inputs:
     description: 'Flag to enable/disable to run coverity scan locally.'
     required: false
   coverity_version:
-    description: 'If provided, Synopsys Action will download specific version of coverity thin client to use.'
+    description: 'If provided, Blackduck Security Action will download specific version of coverity thin client to use.'
     required: false
   coverity_prComment_enabled:
     description: 'Flag to enable pull request comments for new issues found in the Coverity scan'
@@ -57,7 +57,7 @@ inputs:
     description: 'Additional Coverity Arguments separated by space'
     required: false
   bridge_coverity_version:
-    description: 'If provided, Synopsys Action will download specific version of coverity thin client to use.'
+    description: 'If provided, Blackduck Security Action will download specific version of coverity thin client to use.'
     required: false  
   polaris_access_token:
     description: 'Polaris Access Token'
@@ -128,79 +128,79 @@ inputs:
   project_source_excludes:
     description: 'A list of git ignore pattern strings that indicate the files need to be excluded from the zip file'
     required: false
-  synopsys_bridge_install_directory:
-    description: 'Synopsys Bridge Install Directory'
+  bridgecli_install_directory:
+    description: 'Bridge CLI Install Directory'
     required: false
-  synopsys_bridge_download_url:
+  bridgecli_download_url:
     description: 'URL to download bridge from'
     required: false
-  blackduck_url:
+  blackducksca_url:
     description: 'URL for blackduck hub'
     required: false
-  blackduck_token:
+  blackducksca_token:
     description: 'API token to access blackduck'
     required: false
-  blackduck_install_directory:
+  detect_install_directory:
     description: 'Directory to find or install detect'
     required: false
-  blackduck_scan_full:
+  detect_scan_full:
     description: 'Scan Mode. (true for intelligent scan & false for rapid scan)'
     required: false
-  blackduck_scan_failure_severities:
+  blackducksca_scan_failure_severities:
     description: 'If provided, Blackduck will break the build if any issues produced match one of the given severities'
     required: false
-  blackduck_automation_fixpr:
+  blackducksca_fixpr_enabled:
     description: 'If set as true, separate Fix PRs will be created if vulnerability is found after scan'
     required: false
   blackduck_fixpr_enabled:
     description: 'Flag to enable/disable the automatic fix pull request creations for Black Duck'
     required: false
-  blackduck_fixpr_maxCount:
+  blackducksca_fixpr_maxCount:
     description: 'Maximum number of Pull Requests to be created that violate policies'
     required: false
-  blackduck_fixpr_filter_severities:
+  blackducksca_fixpr_filter_severities:
     description: 'If provided, Fix PRs will be created only for given severities'
     required: false
-  blackduck_fixpr_useUpgradeGuidance:
+  blackducksca_fixpr_useUpgradeGuidance:
     description: 'Flag to enable long term upgrade guidance'
     required: false
-  synopsys_bridge_download_version:
-    description: 'If provided, Synopsys-action will configure the version of Bridge'
+  bridgecli_download_version:
+    description: 'If provided, Blackduck Security Action will configure the version of Bridge'
     required: false
-  blackduck_prComment_enabled:
+  blackducksca_prComment_enabled:
     description: 'Flag to enable pull request comments for new issues found in the Black Duck scan'
     required: false
-  blackduck_reports_sarif_create:
+  blackducksca_reports_sarif_create:
     description: 'Flag to enable/disable Black Duck SARIF report generation'
     required: false
-  blackduck_reports_sarif_file_path:
+  blackducksca_reports_sarif_file_path:
     description: 'File path including file name where Black Duck SARIF report should be created'
     required: false
-  blackduck_reports_sarif_severities:
+  blackducksca_reports_sarif_severities:
     description: 'Indicates what SAST/SCA issues severity categories to include in Black Duck SARIF file report'
     required: false
-  blackduck_reports_sarif_groupSCAIssues:
+  blackducksca_reports_sarif_groupSCAIssues:
     description: 'Flag to enable/disable Component-Version grouping for SCA Issues in Black Duck SARIF report rules section'
     required: false
-  blackduck_upload_sarif_report:
+  blackducksca_upload_sarif_report:
     description: 'Flag to enable/disable uploading of Black Duck SARIF report to GitHub Advanced Security'
     required: false
-  blackduck_waitForScan: 
+  blackducksca_waitForScan: 
     description: 'Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.'
     required: false
-  blackduck_search_depth:
+  detect_search_depth:
     description: 'Number indicating the search depth in the source directory'
     required: false
-  blackduck_args:
+  detect_args:
     description: 'Additional Black Duck Arguments separated by space'
     required: false
-  blackduck_config_path:
+  detect_config_path:
     description: 'Black Duck config file path (.properties/.yml)'
     required: false
-  blackduck_policy_badges_create:
+  blackducksca_policy_badges_create:
     description: 'To enable creation of badges on the GitHub repository'
     required: false
-  blackduck_policy_badges_maxCount:
+  blackducksca_policy_badges_maxCount:
     description: 'To limit number of badges to be displayed on the GitHub repository'
     required: false
   srm_url:
@@ -243,10 +243,10 @@ inputs:
     description: 'Number of days to keep the diagnostics files downloadable'
     required: false
   bridge_network_airgap:
-    description: 'If provided, Synopsys Action will be using local network to download and execute bridge .'
+    description: 'If provided, Blackduck Security Action will be using local network to download and execute bridge .'
     required: false  
   network_airgap:
-    description: 'If provided, Synopsys Action will be using local network to download and execute bridge .'
+    description: 'If provided, Blackduck Security Action will be using local network to download and execute bridge .'
     required: false
 runs:
   using: 'node20'