Black Duck SCA Scan with Bridge CLI

bd-madhusud · web-flow · commit 0a2bb9c6f2f3 · 2025-10-27T23:26:40.000+05:30
diff --git a/.github/workflows/BlackduckSCA_Bridge.yml b/.github/workflows/BlackduckSCA_Bridge.yml
@@ -0,0 +1,65 @@
+name: blackducksca-bridge-cli
+on:
+  push:
+    branches: [ main, master, develop, stage, release ]
+  pull_request:
+    branches: [ main, master, develop, stage, release ]
+  workflow_dispatch:
+jobs:
+  blackduck:
+    runs-on: [ mac-arm-sh ]
+    defaults:
+      run:
+        working-directory: ${{ github.workspace }}/nodejs-npm
+    
+    env:
+      BRIDGE_BLACKDUCKSCA_URL: ${{ vars.BLACKDUCK_URL }}
+      BRIDGE_BLACKDUCKSCA_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
+      BRIDGE_GITHUB_USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      BRIDGE_GITHUB_REPOSITORY_OWNER_NAME: ${{ github.repository_owner }}
+      BRIDGE_GITHUB_REPOSITORY_NAME: ${{ github.event.repository.name }}
+      BRIDGE_GITHUB_REPOSITORY_BRANCH_NAME: ${{ github.ref_name }}
+      ### FIX PULL REQUEST CREATION
+      BRIDGE_BLACKDUCKSCA_FIXPR_ENABLED: "true"
+      ### SARIF report parameters
+      BRIDGE_BLACKDUCKSCA_REPORTS_SARIF_CREATE: "true"
+      BRIDGE_DOWNLOAD_URL: https://repo.blackduck.com/bds-integrations-release/com/blackduck/integration/bridge/binaries/bridge-cli-bundle/latest
+      BRIDGE_PROJECT_DIRECTORY: ${{ github.workspace }}/nodejs-npm
+      
+    steps:
+    - name: Checkout Source
+      uses: actions/checkout@v4
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18'  
+    
+    - name: Install dependencies
+      run: npm install  
+
+    - name: Build Project
+      run: |
+        npm rebuild
+
+    - name: Download & Setup Bridge CLI on Windows
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |-
+          curl.exe -L -o $env:TEMP\bridge.zip "$env:BRIDGE_DOWNLOAD_URL/bridge-cli-bundle-win64.zip"
+          Expand-Archive $env:TEMP\bridge.zip -DestinationPath $env:TEMP\bridge -Force
+          $exe = Get-ChildItem $env:TEMP\bridge -Recurse -Filter bridge-cli.exe | Select-Object -First 1
+          "BRIDGE_CLI_INSTALL_DIR=$($exe.FullName)" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+    - name: Download & Setup Bridge CLI on macOS/Linux
+      if: runner.os != 'Windows'
+      shell: bash
+      run: |-
+          OS=$([[ "$RUNNER_OS" == "macOS" ]] && ([[ $(uname -m) =~ arm ]] && echo macos_arm || echo macosx) || ([[ $(uname -m) =~ arm ]] && echo linux_arm || echo linux64))
+          curl -sSL -o bridge.zip "$BRIDGE_DOWNLOAD_URL/bridge-cli-bundle-$OS.zip"
+          unzip -qo bridge.zip -d "$RUNNER_TEMP"
+          echo "BRIDGE_CLI_INSTALL_DIR=$(find "$RUNNER_TEMP" -type f -name bridge-cli | head -n1)" >> "$GITHUB_ENV"
+
+    - name: Black Duck SCA Scan
+      run: ${{ env.BRIDGE_CLI_INSTALL_DIR }} --stage blackducksca
+
+      
