blackduck-scan:
name: Blackduck Scan
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache Maven Dependencies
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
restore-keys: |
maven-${{ runner.os }}-
- name: Setup JDK 21
uses: actions/setup-java@v4
with:
distribution: 'graalvm'
java-version: '21'
- name: Verify Environment
run: |
java -version
mvn -version
- name: Build Project
run: |
mvn verify --no-transfer-progress -s ${{ github.workspace }}/settings.xml
- name: Run Synopsys Detect
uses: synopsys-sig/detect-action@v0.3.5
with:
scan-mode: INTELLIGENT
github-token: ${{ secrets.GITHUB_TOKEN }}
detect-version: 7.9.0
blackduck-url: ${{ secrets.BLACKDUCK_URL }}
blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
- name: Print Blackduck Scan Results
if: failure()
run: |
echo "Blackduck scan encountered issues. Review logs below:"
cat detect.log || echo "No detect.log file found."
echo "If diagnostic mode was enabled, attach the diagnostic zip file for support."
- name: Validate Scan Results
if: success()
run: |
echo "Blackduck scan completed successfully"
ls -la ${{ github.workspace }}
echo "-----------"
cat ${{ github.workspace }}/blackduckFindings.sarif.json
This is the workflow file we are using please help us with the fix
Below is the error we are getting on this workflow
2025-01-08 10:05:16 UTC INFO [main] --- Signature scan / Snippet scan on /home/runner/work/bep-devops-api/bep-devops-api: SUCCESS
2025-01-08 10:05:16 UTC INFO [main] --- Overall Status: FAILURE_DETECTOR - Detect had one or more detector failures while extracting dependencies. Check that all projects build and your environment is configured correctly.
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- If you need help troubleshooting this problem, generate a diagnostic zip file by adding '-d' to the command line, and provide it to Synopsys Technical Support. See 'Diagnostic Mode' in the Detect documentation for more information.
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- ===============================
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- Detect duration: 00h 00m 53s 537ms
2025-01-08 10:05:16 UTC ERROR [main] --- Exiting with code 5 - FAILURE_DETECTOR
Error: Detect failed with exit code: 5. Check the logs for more information.
cc: @blackduck-serv-builder @jcroall
blackduck-scan:
name: Blackduck Scan
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout code
uses: actions/checkout@v4
This is the workflow file we are using please help us with the fix
Below is the error we are getting on this workflow
2025-01-08 10:05:16 UTC INFO [main] --- Signature scan / Snippet scan on /home/runner/work/bep-devops-api/bep-devops-api: SUCCESS
2025-01-08 10:05:16 UTC INFO [main] --- Overall Status: FAILURE_DETECTOR - Detect had one or more detector failures while extracting dependencies. Check that all projects build and your environment is configured correctly.
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- If you need help troubleshooting this problem, generate a diagnostic zip file by adding '-d' to the command line, and provide it to Synopsys Technical Support. See 'Diagnostic Mode' in the Detect documentation for more information.
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- ===============================
2025-01-08 10:05:16 UTC INFO [main] ---
2025-01-08 10:05:16 UTC INFO [main] --- Detect duration: 00h 00m 53s 537ms
2025-01-08 10:05:16 UTC ERROR [main] --- Exiting with code 5 - FAILURE_DETECTOR
Error: Detect failed with exit code: 5. Check the logs for more information.
cc: @blackduck-serv-builder @jcroall