From c50e8d654198fda4f40d3e52fcf34805d5d84a72 Mon Sep 17 00:00:00 2001
From: unlimit97 <44885126+unlimit97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:14:01 +0900
Subject: [PATCH 1/5] Update pom.xml
---
pom.xml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/pom.xml b/pom.xml
index 49138f6..6332f84 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,12 +11,20 @@
https://jitpack.io/#jitpack/maven-simple/0.1
+
junit
junit
4.13.1
test
+
+
+ ch.qos.logback
+ logback-core
+ 1.1.0
+
+
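Review bot: The new dependency pins `logback-core` at `1.1.0`, a 2014-era release far behind the current 1.2.x/1.5.x lines, and it is precisely the kind of component the Black Duck scan introduced in the following commits will report. If the old version is a deliberate fixture so the SCA pipeline has something to flag, a comment on the element saying so, e.g. `<!-- intentionally outdated: SCA demo fixture, do not upgrade -->`, keeps a future contributor from "fixing" it and silently emptying the test; otherwise take the current release. Only `logback-core` is added with no scope, so it ships in the runtime classpath rather than being test-only like the junit entry above it; confirm that is intended. The XML element tags are not visible in this rendering, so placement inside `<dependencies>` is inferred.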
From 3556428b04532697d0ee1d73078a07f9cb5c9dec Mon Sep 17 00:00:00 2001
From: unlimit97 <44885126+unlimit97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:20:02 +0900
Subject: [PATCH 2/5] Create bd_ss_main.yml
---
.github/workflows/bd_ss_main.yml | 106 +++++++++++++++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100644 .github/workflows/bd_ss_main.yml
diff --git a/.github/workflows/bd_ss_main.yml b/.github/workflows/bd_ss_main.yml
new file mode 100644
index 0000000..c67a20c
--- /dev/null
+++ b/.github/workflows/bd_ss_main.yml
@@ -0,0 +1,106 @@
+name: CI-BlackDuck-SCA
+on:
+ push:
+ branches: [main, master, develop, stage, release]
+ pull_request:
+ branches: [main, master, develop, stage, release]
+jobs:
+ build:
+ runs-on: [ubuntu-latest]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Black Duck SCA Full Scan
+ id: black-duck-full-scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: blackduck-inc/black-duck-security-scan@v2
+
+ ### Use below configuration to set specific detect environment variables
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackducksca_url: ${{ vars.BLACKDUCK_URL }}
+ blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
+ blackducksca_scan_full: true
+ # blackducksca_waitForScan: false # Used to support the async mode
+
+ ### Accepts Multiple Values
+ blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+ ### Arbitrary product-related CL arguments
+ # detect_search_depth: 2
+ # detect_args: '--detect.diagnostic=true'
+ # detect_config_path: '/Users/Config/application.properties'
+
+ ### Uncomment below configuration to enable automatic fix pull request creation if vulnerabilities are reported
+ # blackducksca_fixpr_enabled: true
+ # blackducksca_fixpr_maxCount: 5
+ # blackducksca_fixpr_filter_severities: 'CRITICAL,HIGH'
+ # blackducksca_fixpr_useUpgradeGuidance: 'SHORT_TERM,LONG_TERM'
+ # github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackducksca_fixpr_enabled is set to 'true'
+
+ ### SARIF report generation and upload to GitHub Adavanced Security: Uncomment below to enable
+ # blackducksca_reports_sarif_create: true # Create Black Duck SCA SARIF report and upload it as artifact
+ # blackducksca_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path including file name where SARIF report should be created(need to include file name as well)
+ # blackducksca_reports_sarif_severities: 'CRITICAL,HIGH'
+ # blackducksca_reports_sarif_groupSCAIssues: true # By default true
+ # blackducksca_upload_sarif_report: true # Upload Black Duck SCA SARIF report in GitHub Advanced Security tab
+ # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when blackducksca_upload_sarif_report is set as true
+
+ ### Mark build status if policy violating issues are found
+ # mark_build_status: 'success'
+
+ ### To enable Black Duck SCA policy badges
+ # blackducksca_policy_badges_create: true
+ # blackducksca_policy_badges_maxCount: 5
+
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+
+ ### Uncomment below configuration if Bridge diagnostic files needs to be uploaded
+ # include_diagnostics: true
+
+ ### To enabable self-signed certificates
+ #network_ssl_trustAll: true
+ #network_ssl_cert_file: '/Users/Config/cert.pem'
+
+
+ - name: Black Duck SCA PR Scan
+ id: black-duck-pr-scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: blackduck-inc/black-duck-security-scan@v2
+
+ ### Use below configuration to set specific detect environment variables
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackducksca_url: ${{ vars.BLACKDUCK_URL }}
+ blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
+ blackducksca_scan_full: false
+
+ ### Below configuration is used to enable automatic pull request comment based on Black Duck SCA scan result
+ blackducksca_prComment_enabled: true
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # Mandatory when blackducksca_automation_prcomment is set to 'true'
+
+ ### To enable Black Duck SCA policy badges
+ # blackducksca_policy_badges_create: true
+ # blackducksca_policy_badges_maxCount: 5
+
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+
+ ### Uncomment below configuration if Bridge diagnostic files needs to be uploaded
+ # include_diagnostics: true
+
+ ### Mark build status if policy violating issues are found
+ # mark_build_status: 'success'
+
+ ### To enabable self-signed certificates
+ #network_ssl_trustAll: true
+ #network_ssl_cert_file: '/Users/Config/cert.pem'
+
+ ### Uncomment below configuration to add custom logic based on return status
+ # - name: cmdLine
+ # id: cmdLine
+ # run: |
+ # EXIT_CODE=${{ steps.black-duck-full-scan.outputs.status }}
+ # echo "Black Duck Full Scan exit status - $EXIT_CODE"
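Review bot: The workflow declares no `permissions:` block, so both scan steps run with the repository's default GITHUB_TOKEN scope, while the only thing the PR-scan step needs the token for is posting PR comments via `github_token: ${{ secrets.GITHUB_TOKEN }}`. Add a top-level grant in block style — `permissions:` / `  contents: read` / `  pull-requests: write` — so the scope is explicit and minimal whatever the org default is. Both actions are referenced by floating tags (`actions/checkout@v4`, `blackduck-inc/black-duck-security-scan@v2`); pinning to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for a job that is itself the security gate. The same two points apply to the rewritten file in PATCH 3/5. Note also that repository secrets are not passed to `pull_request` runs from forks, so the PR-scan step would receive an empty `blackducksca_token` there — presumably acceptable if only branch PRs are expected, but worth a comment on the `if:` line.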
From 4b993239e214af58b53b1d67d43529813f4c648b Mon Sep 17 00:00:00 2001
From: unlimit97 <44885126+unlimit97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:23:18 +0900
Subject: [PATCH 3/5] Update bd_ss_main.yml
---
.github/workflows/bd_ss_main.yml | 150 ++++++++++++-------------------
1 file changed, 59 insertions(+), 91 deletions(-)
diff --git a/.github/workflows/bd_ss_main.yml b/.github/workflows/bd_ss_main.yml
index c67a20c..98a7083 100644
--- a/.github/workflows/bd_ss_main.yml
+++ b/.github/workflows/bd_ss_main.yml
@@ -1,106 +1,74 @@
name: CI-BlackDuck-SCA
+
on:
push:
branches: [main, master, develop, stage, release]
pull_request:
branches: [main, master, develop, stage, release]
+
jobs:
build:
- runs-on: [ubuntu-latest]
- steps:
- - name: Checkout Source
- uses: actions/checkout@v4
- - name: Black Duck SCA Full Scan
- id: black-duck-full-scan
- if: ${{ github.event_name != 'pull_request' }}
- uses: blackduck-inc/black-duck-security-scan@v2
-
- ### Use below configuration to set specific detect environment variables
- env:
- DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
- with:
- blackducksca_url: ${{ vars.BLACKDUCK_URL }}
- blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
- blackducksca_scan_full: true
- # blackducksca_waitForScan: false # Used to support the async mode
-
- ### Accepts Multiple Values
- blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL'
-
- ### Arbitrary product-related CL arguments
- # detect_search_depth: 2
- # detect_args: '--detect.diagnostic=true'
- # detect_config_path: '/Users/Config/application.properties'
-
- ### Uncomment below configuration to enable automatic fix pull request creation if vulnerabilities are reported
- # blackducksca_fixpr_enabled: true
- # blackducksca_fixpr_maxCount: 5
- # blackducksca_fixpr_filter_severities: 'CRITICAL,HIGH'
- # blackducksca_fixpr_useUpgradeGuidance: 'SHORT_TERM,LONG_TERM'
- # github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when blackducksca_fixpr_enabled is set to 'true'
-
- ### SARIF report generation and upload to GitHub Adavanced Security: Uncomment below to enable
- # blackducksca_reports_sarif_create: true # Create Black Duck SCA SARIF report and upload it as artifact
- # blackducksca_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path including file name where SARIF report should be created(need to include file name as well)
- # blackducksca_reports_sarif_severities: 'CRITICAL,HIGH'
- # blackducksca_reports_sarif_groupSCAIssues: true # By default true
- # blackducksca_upload_sarif_report: true # Upload Black Duck SCA SARIF report in GitHub Advanced Security tab
- # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when blackducksca_upload_sarif_report is set as true
-
- ### Mark build status if policy violating issues are found
- # mark_build_status: 'success'
-
- ### To enable Black Duck SCA policy badges
- # blackducksca_policy_badges_create: true
- # blackducksca_policy_badges_maxCount: 5
-
- # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
- ### Uncomment below configuration if Bridge diagnostic files needs to be uploaded
- # include_diagnostics: true
+ - name: Black Duck SCA Full Scan
+ id: black-duck-full-scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: blackduck-inc/black-duck-security-scan@v2
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackducksca_url: ${{ vars.BLACKDUCK_URL }}
+ blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
+ blackducksca_scan_full: true
+ blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL'
+ # blackducksca_waitForScan: false
+ # detect_search_depth: 2
+ # detect_args: '--detect.diagnostic=true'
+ # detect_config_path: '/Users/Config/application.properties'
+ # blackducksca_fixpr_enabled: true
+ # blackducksca_fixpr_maxCount: 5
+ # blackducksca_fixpr_filter_severities: 'CRITICAL,HIGH'
+ # blackducksca_fixpr_useUpgradeGuidance: 'SHORT_TERM,LONG_TERM'
+ # github_token: ${{ secrets.GITHUB_TOKEN }}
+ # blackducksca_reports_sarif_create: true
+ # blackducksca_reports_sarif_file_path: '/Users/tmp/report.sarif.json'
+ # blackducksca_reports_sarif_severities: 'CRITICAL,HIGH'
+ # blackducksca_reports_sarif_groupSCAIssues: true
+ # blackducksca_upload_sarif_report: true
+ # github_token: ${{ secrets.GITHUB_TOKEN }}
+ # mark_build_status: 'success'
+ # blackducksca_policy_badges_create: true
+ # blackducksca_policy_badges_maxCount: 5
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+ # include_diagnostics: true
+ # network_ssl_trustAll: true
+ # network_ssl_cert_file: '/Users/Config/cert.pem'
- ### To enabable self-signed certificates
- #network_ssl_trustAll: true
- #network_ssl_cert_file: '/Users/Config/cert.pem'
+ - name: Black Duck SCA PR Scan
+ id: black-duck-pr-scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: blackduck-inc/black-duck-security-scan@v2
+ env:
+ DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
+ with:
+ blackducksca_url: ${{ vars.BLACKDUCK_URL }}
+ blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
+ blackducksca_scan_full: false
+ blackducksca_prComment_enabled: true
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # blackducksca_policy_badges_create: true
+ # blackducksca_policy_badges_maxCount: 5
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+ # include_diagnostics: true
+ # mark_build_status: 'success'
+ # network_ssl_trustAll: true
+ # network_ssl_cert_file: '/Users/Config/cert.pem'
-
- - name: Black Duck SCA PR Scan
- id: black-duck-pr-scan
- if: ${{ github.event_name == 'pull_request' }}
- uses: blackduck-inc/black-duck-security-scan@v2
-
- ### Use below configuration to set specific detect environment variables
- env:
- DETECT_PROJECT_NAME: ${{ github.event.repository.name }}
- with:
- blackducksca_url: ${{ vars.BLACKDUCK_URL }}
- blackducksca_token: ${{ secrets.BLACKDUCK_TOKEN }}
- blackducksca_scan_full: false
-
- ### Below configuration is used to enable automatic pull request comment based on Black Duck SCA scan result
- blackducksca_prComment_enabled: true
- github_token: ${{ secrets.GITHUB_TOKEN }}
- # Mandatory when blackducksca_automation_prcomment is set to 'true'
-
- ### To enable Black Duck SCA policy badges
- # blackducksca_policy_badges_create: true
- # blackducksca_policy_badges_maxCount: 5
-
- # project_directory: ${{ vars.PROJECT_DIRECTORY }}
-
- ### Uncomment below configuration if Bridge diagnostic files needs to be uploaded
- # include_diagnostics: true
-
- ### Mark build status if policy violating issues are found
- # mark_build_status: 'success'
-
- ### To enabable self-signed certificates
- #network_ssl_trustAll: true
- #network_ssl_cert_file: '/Users/Config/cert.pem'
-
- ### Uncomment below configuration to add custom logic based on return status
# - name: cmdLine
# id: cmdLine
# run: |
# EXIT_CODE=${{ steps.black-duck-full-scan.outputs.status }}
- # echo "Black Duck Full Scan exit status - $EXIT_CODE"
+
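Review bot: The rewrite drops every explanatory comment, so `github_token: ${{ secrets.GITHUB_TOKEN }}` in the PR-scan step no longer says it exists only for `blackducksca_prComment_enabled: true`, and the commented `mark_build_status` and `network_ssl_trustAll` lines lose the notes that they relax the build gate and accept self-signed server certificates respectively. A one-line comment above each of those is cheap and stops a later edit from uncommenting them casually, e.g. `# network_ssl_trustAll: accepts any server certificate (self-signed); prefer network_ssl_cert_file`. The added `+` blank line at the very end of the file leaves a trailing empty line rather than a single newline, which yamllint's `empty-lines` rule flags.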
From 09a2d89d5dded9faa2359f66cad66bcd872686f7 Mon Sep 17 00:00:00 2001
From: unlimit97 <44885126+unlimit97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:30:59 +0900
Subject: [PATCH 4/5] Update bd_ss_main.yml
---
.github/workflows/bd_ss_main.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/bd_ss_main.yml b/.github/workflows/bd_ss_main.yml
index 98a7083..faee7d6 100644
--- a/.github/workflows/bd_ss_main.yml
+++ b/.github/workflows/bd_ss_main.yml
@@ -39,7 +39,7 @@ jobs:
# blackducksca_reports_sarif_groupSCAIssues: true
# blackducksca_upload_sarif_report: true
# github_token: ${{ secrets.GITHUB_TOKEN }}
- # mark_build_status: 'success'
+ mark_build_status: 'success'
# blackducksca_policy_badges_create: true
# blackducksca_policy_badges_maxCount: 5
# project_directory: ${{ vars.PROJECT_DIRECTORY }}
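Review bot: Uncommenting `mark_build_status: 'success'` makes the full-scan step report success even when policy-violating components are found — that is what the option's original comment, "Mark build status if policy violating issues are found", describes — so the `blackducksca_scan_failure_severities: 'BLOCKER,CRITICAL'` configured a few lines above this hunk becomes advisory: the job goes green, a required-check rule would not block the merge, and the finding is only visible in the Black Duck UI or the step log. The second hunk does the same for the PR-scan step, which is the one that would otherwise stop a vulnerable dependency before it lands. If a non-blocking rollout is the intent, say so next to the line, e.g. `# Non-blocking during onboarding: violations are reported but do not fail the job; remove to enforce BLOCKER/CRITICAL`, and record when enforcement is meant to be switched back on.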
@@ -63,7 +63,7 @@ jobs:
# blackducksca_policy_badges_maxCount: 5
# project_directory: ${{ vars.PROJECT_DIRECTORY }}
# include_diagnostics: true
- # mark_build_status: 'success'
+ mark_build_status: 'success'
# network_ssl_trustAll: true
# network_ssl_cert_file: '/Users/Config/cert.pem'
From 15d9b392f85f848b685143ccb7edf6f86496d33a Mon Sep 17 00:00:00 2001
From: unlimit97 <44885126+unlimit97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:46:41 +0900
Subject: [PATCH 5/5] Update pom.xml
---
pom.xml | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/pom.xml b/pom.xml
index 6332f84..b17e933 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,18 @@
logback-core
1.1.0
+
+
+ org.springframework
+ spring-core
+ 5.3.18
+
+
+ org.springframework
+ spring-context
+
+
+
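Review bot: `spring-context` is added with only a groupId and artifactId and no `<version>` element, while `spring-core` beside it is pinned to `5.3.18`; unless a `<dependencyManagement>` BOM outside this hunk supplies the version, Maven rejects the POM with a missing-version error before any build or scan runs. Pin it explicitly (`<version>5.3.18</version>`, matching spring-core) or import `org.springframework:spring-framework-bom` in dependencyManagement so the two artifacts cannot drift apart. As with the logback addition in PATCH 1/5, if this specific 5.3.x version is chosen on purpose as a scanner fixture, a comment saying so belongs next to it. The element tags and the hunk's trailing context lines are stripped in this rendering, so the exact structure is inferred.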