diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
index ff3675c2..cbcf0e07 100644
--- a/.github/actions/scan-with-blackduck/action.yml
+++ b/.github/actions/scan-with-blackduck/action.yml
@@ -5,9 +5,6 @@ inputs:
blackduck_token:
description: The token to use for BlackDuck authentication
required: true
- github_token:
- description: The token to use for GitHub authentication
- required: true
java-version:
description: The version of Java to use
default: '17'
@@ -23,6 +20,10 @@ inputs:
description: The scan mode to use (FULL uploads a report to the Black Duck server; RAPID is a fast policy gate without server upload).
default: 'FULL'
required: false
+ rapid_compare_mode:
+ description: When set, enables Rapid Scan compare mode (e.g. BOM_COMPARE or BOM_COMPARE_STRICT). Only relevant when scan_mode is RAPID. See https://documentation.blackduck.com/bundle/detect/page/runningdetect/rapidscan.html#rapid-scan-compare-mode for details.
+ default: ''
+ required: false
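Review bot: The description of `rapid_compare_mode` is a single plain scalar of well over 200 characters, which makes the inputs block hard to scan in the action editor and trips the usual line-length lint. Rewriting it as a folded block scalar (`description: >-`) with the allowed values named first — BOM_COMPARE or BOM_COMPARE_STRICT, only used when `scan_mode` is RAPID — and the documentation URL on its own line keeps the same text while staying readable. The `inputs` mapping continues outside this hunk.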
runs:
using: composite
@@ -60,7 +61,6 @@ runs:
blackducksca_url: https://sap.blackducksoftware.com/
blackducksca_token: ${{ inputs.blackduck_token }}
blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }}
- github_token: ${{ inputs.github_token }}
detect_args: >
--detect.project.name=com.sap.cds.feature.attachments
--detect.project.version.name=${{ steps.resolve-version.outputs.VERSION }}
@@ -77,3 +77,4 @@ runs:
--blackduck.signature.scanner.memory=4096
--blackduck.trust.cert=true
--logging.level.detect=INFO
+ ${{ inputs.rapid_compare_mode != '' && format('--detect.blackduck.rapid.compare.mode={0}', inputs.rapid_compare_mode) || '' }}
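Review bot: The value of `inputs.rapid_compare_mode` is spliced unvalidated into the folded `detect_args` scalar on the last line, so any string a caller passes — including one containing spaces — becomes additional Detect command-line arguments rather than just the compare mode. Because the input can only be set by a calling workflow the exposure is limited, but a typo such as a misspelled mode is handed straight to Detect instead of failing fast. A small guard step before the scan, taking the value through `env` rather than interpolating it into `run`, would reject anything other than the two modes the input description names. The `detect_args` block scalar starts in the previous hunk, and the step list it belongs to is outside this one.
```yaml
# … unchanged: earlier steps (checkout, toolchain setup, resolve-version) …
- name: Validate rapid_compare_mode
  if: inputs.rapid_compare_mode != ''
  shell: bash
  env:
    RAPID_COMPARE_MODE: ${{ inputs.rapid_compare_mode }}
  run: |
    case "$RAPID_COMPARE_MODE" in
      BOM_COMPARE|BOM_COMPARE_STRICT) ;;
      *) echo "rapid_compare_mode must be BOM_COMPARE or BOM_COMPARE_STRICT"; exit 1 ;;
    esac
# … unchanged: Black Duck scan step with detect_args …
```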
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6b9c082c..82a986e8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -23,7 +23,6 @@ jobs:
uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main
with:
blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
- github_token: ${{ secrets.GITHUB_TOKEN }}
maven-version: ${{ env.MAVEN_VERSION }}
scan_mode: FULL
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index c7157293..13f9ff56 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -13,6 +13,24 @@ on:
types: [reopened, synchronize, opened]
jobs:
+ blackduck:
+ name: Blackduck Scan
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+ - name: Scan With Black Duck
+ uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main
+ with:
+ blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
+ maven-version: ${{ env.MAVEN_VERSION }}
+ scan_mode: RAPID
+ rapid_compare_mode: BOM_COMPARE # PRs might only be blocked by things they introduce, not by pre-existing issues that could have appeared in the main branch in the meantime
+
build-and-test:
uses: cap-java/cds-feature-attachments/.github/workflows/pipeline.yml@main
secrets: inherit
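Review bot: The new `blackduck` job runs on `pull_request` events (the `types` list at the top of the hunk) and passes `secrets.BLACK_DUCK_TOKEN`, but repository secrets are not exposed to pull requests from forks, so for a fork PR the action would be invoked with an empty token and fail inside the scan rather than up front; if fork PRs are expected, gate the job with `if: github.event.pull_request.head.repo.full_name == github.repository`, or document that the check is for same-repository branches only. The job also reads `env.MAVEN_VERSION`, whose workflow-level definition is outside this hunk and not visible here. The inline comment on `rapid_compare_mode` is one very long line; placing it on its own line above the key keeps the step within normal line-length limits. The `jobs` mapping continues past the end of the hunk.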
diff --git a/cds-feature-attachments/pom.xml b/cds-feature-attachments/pom.xml
index d4139386..0036b9a3 100644
--- a/cds-feature-attachments/pom.xml
+++ b/cds-feature-attachments/pom.xml
@@ -34,6 +34,12 @@
+
+
+ com.sap.cloud.sdk.cloudplatform
+ connectivity-apache-httpclient4
+
+
com.sap.cds
cds-services-utils
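Review bot: The added `connectivity-apache-httpclient4` dependency carries no version or scope as rendered in this hunk, so its version presumably resolves through the imported `sdk-bom`, and nothing elsewhere in the diff shows which code needs it. A one-line XML comment above the entry naming the consumer it supports (the SDK feature or storage target that requires the httpclient4 connectivity binding) would stop it being dropped as unused later. The `dependencies` element starts and ends outside this hunk.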
diff --git a/pom.xml b/pom.xml
index 05563627..c1c4ea78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@
com/sap/cds/feature/attachments/generated/
- 2.42.33
+ 2.44.11
0.44.0
@@ -86,10 +86,18 @@
import
+
+ io.netty
+ netty-bom
+ 4.2.14.Final
+ pom
+ import
+
+
com.sap.cloud.sdk
sdk-bom
- 5.27.0
+ 5.30.0
pom
import
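Review bot: The new `netty-bom` import is declared ahead of `sdk-bom`, and for imported BOMs Maven lets the first declaration win on conflicting managed versions, so this pin effectively overrides whatever netty version `sdk-bom` 5.30.0 manages; nothing in the diff records why `4.2.14.Final` is required. A short XML comment above the import, e.g. `<!-- declared before sdk-bom so this netty version takes precedence; drop once sdk-bom manages a compatible release -->`, would keep the pin from being silently reordered or removed. Whether the pin is tied to a scanner finding is not visible here and should be confirmed by the author. The `dependencyManagement` block starts and ends outside this hunk.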
diff --git a/storage-targets/cds-feature-attachments-oss/pom.xml b/storage-targets/cds-feature-attachments-oss/pom.xml
index 70ed80f4..00408eae 100644
--- a/storage-targets/cds-feature-attachments-oss/pom.xml
+++ b/storage-targets/cds-feature-attachments-oss/pom.xml
@@ -45,13 +45,13 @@
com.azure
azure-storage-blob
- 12.33.3
+ 12.34.0
com.google.cloud
google-cloud-storage
- 2.66.0
+ 2.68.0