From 40970bec2304b68d4d3ccb26074dfa6dbe942c5d Mon Sep 17 00:00:00 2001
From: Lisa Julia Nebel
Date: Wed, 27 May 2026 17:32:54 +0200
Subject: [PATCH 1/5] Remove unused artifacts from blackduck action
---
 .github/actions/scan-with-blackduck/action.yml | 4 ----
 .github/workflows/main.yml | 1 -
 2 files changed, 5 deletions(-)
diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
index ff3675c2..b98748a6 100644
--- a/.github/actions/scan-with-blackduck/action.yml
+++ b/.github/actions/scan-with-blackduck/action.yml
@@ -5,9 +5,6 @@ inputs:
 blackduck_token:
 description: The token to use for BlackDuck authentication
 required: true
- github_token:
- description: The token to use for GitHub authentication
- required: true
 java-version:
 description: The version of Java to use
 default: '17'
@@ -60,7 +57,6 @@ runs:
 blackducksca_url: https://sap.blackducksoftware.com/
 blackducksca_token: ${{ inputs.blackduck_token }}
 blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }}
- github_token: ${{ inputs.github_token }}
 detect_args: >
 --detect.project.name=com.sap.cds.feature.attachments
 --detect.project.version.name=${{ steps.resolve-version.outputs.VERSION }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6b9c082c..82a986e8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -23,7 +23,6 @@ jobs:
 uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main
 with:
 blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
- github_token: ${{ secrets.GITHUB_TOKEN }}
 maven-version: ${{ env.MAVEN_VERSION }}
 scan_mode: FULL
From e373edc2a72fe5fa7e3f6b5a96da4f0420260495 Mon Sep 17 00:00:00 2001
From: Lisa Julia Nebel
Date: Wed, 27 May 2026 17:39:42 +0200
Subject: [PATCH 2/5] Version bumps
---
 pom.xml | 4 ++--
 storage-targets/cds-feature-attachments-oss/pom.xml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml index 05563627..27558103 100644 --- a/pom.xml +++ b/pom.xml @@ -66,7 +66,7 @@ com/sap/cds/feature/attachments/generated/ - 2.42.33 + 2.44.11 0.44.0 @@ -89,7 +89,7 @@ com.sap.cloud.sdk sdk-bom - 5.27.0 + 5.30.0 pom import diff --git a/storage-targets/cds-feature-attachments-oss/pom.xml b/storage-targets/cds-feature-attachments-oss/pom.xml index 70ed80f4..00408eae 100644 --- a/storage-targets/cds-feature-attachments-oss/pom.xml +++ b/storage-targets/cds-feature-attachments-oss/pom.xml @@ -45,13 +45,13 @@ com.azure azure-storage-blob - 12.33.3 + 12.34.0 com.google.cloud google-cloud-storage - 2.66.0 + 2.68.0 From de5809754a291e9bedf961a01edd82b516579f16 Mon Sep 17 00:00:00 2001 From: Lisa Julia Nebel Date: Wed, 27 May 2026 17:45:44 +0200 Subject: [PATCH 3/5] Override netty version --- pom.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pom.xml b/pom.xml index 27558103..c1c4ea78 100644 --- a/pom.xml +++ b/pom.xml @@ -86,6 +86,14 @@ import + + io.netty + netty-bom + 4.2.14.Final + pom + import + + com.sap.cloud.sdk sdk-bom From 3c936a195ecb237b9c16b5ae9afbe69866528ed4 Mon Sep 17 00:00:00 2001 From: Lisa Julia Nebel Date: Wed, 27 May 2026 18:13:00 +0200 Subject: [PATCH 4/5] Add BlackDuck RAPID scan to PR workflow with BOM_COMPARE mode - Add blackduck job to pr.yml using RAPID scan mode so PRs get a fast policy gate without uploading results to the BlackDuck server - Set rapid_compare_mode=BOM_COMPARE so only violations introduced by the PR are flagged, not pre-existing ones from the main branch scan - Add rapid_compare_mode input to scan-with-blackduck action to support configurable compare mode for RAPID scans --- .github/actions/scan-with-blackduck/action.yml | 5 +++++ .github/workflows/pr.yml | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml index b98748a6..cbcf0e07 100644 
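Review bot: The `netty-bom` import pinned to `4.2.14.Final` in the `Override netty version` hunk carries no comment saying which finding or transitive dependency it is meant to override, so nobody can tell later when the pin is safe to drop. Put an XML comment directly above the new entry, for example `<!-- Overrides the Netty version managed by the BOMs imported after this one; keep it first, and remove it once they manage this version or newer -->`, and name the scanner finding it answers if there is one. Its position ahead of `sdk-bom` is what makes it take effect, since Maven keeps the first managed version it meets among imported BOMs, so the comment should say the order is deliberate. Forcing one Netty line onto clients that may have been built against another can show up only at runtime, so the storage-target integration tests are worth running against this pin. The XML markup of this hunk is stripped on the page, so the element nesting is inferred.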
--- a/.github/actions/scan-with-blackduck/action.yml
+++ b/.github/actions/scan-with-blackduck/action.yml
@@ -20,6 +20,10 @@ inputs:
 description: The scan mode to use (FULL uploads a report to the Black Duck server; RAPID is a fast policy gate without server upload).
 default: 'FULL'
 required: false
+ rapid_compare_mode:
+ description: When set, enables Rapid Scan compare mode (e.g. BOM_COMPARE or BOM_COMPARE_STRICT). Only relevant when scan_mode is RAPID. See https://documentation.blackduck.com/bundle/detect/page/runningdetect/rapidscan.html#rapid-scan-compare-mode for details.
+ default: ''
+ required: false
 runs:
 using: composite
@@ -73,3 +77,4 @@ runs:
 --blackduck.signature.scanner.memory=4096
 --blackduck.trust.cert=true
 --logging.level.detect=INFO
+ ${{ inputs.rapid_compare_mode != '' && format('--detect.blackduck.rapid.compare.mode={0}', inputs.rapid_compare_mode) || '' }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index c7157293..13f9ff56 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -13,6 +13,24 @@ on:
 types: [reopened, synchronize, opened]
 jobs:
+ blackduck:
+ name: Blackduck Scan
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+ - name: Scan With Black Duck
+ uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main
+ with:
+ blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
+ maven-version: ${{ env.MAVEN_VERSION }}
+ scan_mode: RAPID
+ rapid_compare_mode: BOM_COMPARE # PRs might only be blocked by things they introduce, not by pre-existing issues that could have appeared in the main branch in the meantime
+
 build-and-test:
 uses: cap-java/cds-feature-attachments/.github/workflows/pipeline.yml@main
 secrets: inherit
From fbd495c07ddd42c956efb43863badb931b8f9b70 Mon Sep 17 00:00:00 2001
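Review bot: The value of `rapid_compare_mode` is spliced into `detect_args` without any check in the added last line of the `action.yml` hunk at `-73,3 +77,4`. A value containing a space would therefore reach Detect as extra arguments, and the flag is also emitted when `scan_mode` is FULL although the input description says it only applies to RAPID. Gate the expression on the scan mode and on the values the description names (extend the list if the Detect version in use accepts others): `${{ inputs.scan_mode == 'RAPID' && contains(fromJSON('["BOM_COMPARE","BOM_COMPARE_STRICT"]'), inputs.rapid_compare_mode) && format('--detect.blackduck.rapid.compare.mode={0}', inputs.rapid_compare_mode) || '' }}`. The unchanged `--blackduck.trust.cert=true` two lines above now applies to every PR run as well, so it is worth confirming the option is still needed for this host. The `runs` block starts and continues outside the hunk.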
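Review bot: The new `blackduck` job in `pr.yml` passes `secrets.BLACK_DUCK_TOKEN` unconditionally, and the workflow trigger sits above this hunk. If that trigger is `pull_request`, runs from forks and Dependabot receive no secrets and the job will fail at authentication instead of being skipped. Add a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository`, or state in a comment that such PRs are expected to fail this gate. The scan presumably drives the Maven build of the checked-out PR code while the token is in scope, so the job should stay on a trigger that never hands secrets to untrusted code. The inline comment on `rapid_compare_mode` would read more clearly as `# block PRs only on violations they introduce, not on ones already present on main`.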
From: Lisa Julia Nebel Date: Thu, 28 May 2026 10:17:21 +0200 Subject: [PATCH 5/5] Add com.sap.cloud.sdk.cloudplatform dependency --- cds-feature-attachments/pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cds-feature-attachments/pom.xml b/cds-feature-attachments/pom.xml index d4139386..0036b9a3 100644 --- a/cds-feature-attachments/pom.xml +++ b/cds-feature-attachments/pom.xml @@ -34,6 +34,12 @@ + + + com.sap.cloud.sdk.cloudplatform + connectivity-apache-httpclient4 + + com.sap.cds cds-services-utils