From f943d81a502e3fb6f33c7f1c29ef322d124e4caa Mon Sep 17 00:00:00 2001
From: nikhil2611
Date: Tue, 24 Mar 2026 18:59:23 +0530
Subject: [PATCH 1/2] enabling polaris sast
Signed-off-by: nikhil2611
---
 .../ci-main-pull-request-stub-1.0.7.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/ci-main-pull-request-stub-1.0.7.yml b/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
index 82b4135c..287848f0 100644
--- a/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
+++ b/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
@@ -7,9 +7,9 @@ name: CI Pull Request on Main Branch
 on:
 pull_request:
- branches: [ main, release/** ]
+ branches: [ nikhil/enable-polaris, release/** ]
 push:
- branches: [ main, release/** ]
+ branches: [ nikhil/enable-polaris, release/** ]
 workflow_dispatch:
@@ -98,15 +98,15 @@ jobs:
 # BlackDuck SAST (Polaris) require a build or binary present in repo to do SAST testing
 # requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN
- perform-blackduck-polaris: false
+ perform-blackduck-polaris: true
 polaris-application-name: "Chef-Agents" # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product
 polaris-project-name: ${{ github.event.repository.name }} # arch-sample-cli
- polaris-working-directory: '.' # Working directory for the scan, defaults to . but usually lang-dependent like ./src
- polaris-coverity-build-command: 'go build -o bin/chef-cli.exe' # Coverity build command, typically done in build stage by language or here as param 1-liner like "mvn clean install"
- polaris-coverity-clean-command: 'go clean' # Coverity clean command, typically done before build stage by language or here as param 1-liner like "mvn clean"
- polaris-detect-search-depth: '5' # Detect search depth, blank but can be set to "3" to search up to 3 levels of subdirectories for code to scan'
- polaris-assessment-mode: 'SAST' # Assessment mode (SAST, CI or SOURCE_UPLOAD)
- wait-for-scan: true
+ # polaris-working-directory: '.' # Working directory for the scan, defaults to . but usually lang-dependent like ./src
+ # polaris-coverity-build-command: 'go build -o bin/chef-cli.exe' # Coverity build command, typically done in build stage by language or here as param 1-liner like "mvn clean install"
+ # polaris-coverity-clean-command: 'go clean' # Coverity clean command, typically done before build stage by language or here as param 1-liner like "mvn clean"
+ # polaris-detect-search-depth: '5' # Detect search depth, blank but can be set to "3" to search up to 3 levels of subdirectories for code to scan'
+ # polaris-assessment-mode: 'SAST' # Assessment mode (SAST, CI or SOURCE_UPLOAD)
+ # wait-for-scan: true
 # polaris-detect-args: '' # Additional Detect arguments, can supply extra arguments like "--detect.diagnostic=true"
 # coverity_build_command: "go build"
 # coverity_clean_command: "go clean"
From c19acd0924fd5ea77bc024680f0cc703d37936b3 Mon Sep 17 00:00:00 2001
From: nikhil2611
Date: Tue, 24 Mar 2026 20:15:59 +0530
Subject: [PATCH 2/2] updating to main
Signed-off-by: nikhil2611
---
 .github/workflows/ci-main-pull-request-stub-1.0.7.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-main-pull-request-stub-1.0.7.yml b/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
index 287848f0..3fa9d2af 100644
--- a/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
+++ b/.github/workflows/ci-main-pull-request-stub-1.0.7.yml
@@ -7,9 +7,9 @@ name: CI Pull Request on Main Branch
 on:
 pull_request:
- branches: [ nikhil/enable-polaris, release/** ]
+ branches: [ main, release/** ]
 push:
- branches: [ nikhil/enable-polaris, release/** ]
+ branches: [ main, release/** ]
 workflow_dispatch:
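Review bot: In the second hunk of PATCH 1/2 (`@@ -98,15 +98,15 @@`), `perform-blackduck-polaris: true` is switched on while `polaris-assessment-mode: 'SAST'`, `wait-for-scan: true` and the Coverity build/clean commands are commented out in the same change, so the scan mode and whether the check waits for results now depend on defaults of whatever consumes these inputs, which are not visible here. The comment two lines above says Polaris needs a build or binary present, so dropping `polaris-coverity-build-command` deserves an explanation. If the defaults are intended, record that with a comment such as `# Polaris inputs below intentionally left at the called workflow's defaults`; otherwise keep `polaris-assessment-mode: 'SAST'` and `wait-for-scan: true` explicit so a finding can actually gate the pull request. The scan also needs POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN, which GitHub does not pass to `pull_request` runs from forks, so confirm the job is skipped rather than failing or silently passing there. The `jobs:` block these inputs belong to starts and ends outside the hunk.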