OWASP · bd-gshinde · May 25, 2026 · May 25, 2026 · May 25, 2026 · May 25, 2026
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -0,0 +1,51 @@
+
+name: coverity-action
+on:
+  push:
+    branches: [main, master, develop, stage, release]
+  pull_request:
+    branches: [main, master, develop, stage, release]
+  workflow_dispatch:
+jobs:
+  coverity:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      # For compiled languages, uncomment and configure the build setup step below:
+      # - name: Setup Java JDK
+      #   uses: actions/setup-java@v4
+      #   with:
+      #     java-version: 21
+      #     distribution: temurin
+      #     cache: maven
+      - name: Coverity Scan
+        uses: blackduck-inc/black-duck-security-scan@SIGINT-5334
+        with:
+          ### SCANNING: Required fields
+          coverity_url: ${{ vars.COVERITY_URL }}
+          coverity_user: ${{ secrets.COVERITY_USER }}
+          coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+
+          ### POLICY ENFORCEMENT: Break build on full scan when encounter outstanding issues
+          coverity_policy_view: ${{ github.event_name != 'pull_request' && 'Outstanding Issues' || '' }}
+
+          ### PULL REQUEST COMMENTS:
+          coverity_prComment_enabled: true
+
+          # Required when PR comments is enabled
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+          ### Perform local analysis with full toolkit
+          # coverity_local: true
+          ## Use the parameter below to add comments for issues filtered 
+          ## by impact. Default is High if unset
+          ## NOTE: Issues matching coverity_policy_view are ignored if set
+          # coverity_prComment_impacts: 'High'
+
+          ### COVERITY: Build commands for compiled languages (uncomment and configure for compiled languages)
+          # coverity_build_command: mvn -B -DskipTests package
+          # coverity_clean_command: mvn -B clean
+
+          ## OPTIONAL DIAGNOSTICS: Upload logs as build artifact if true
+          include_diagnostics: false
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
diff --git a/.github/workflows/polaris.yml b/.github/workflows/polaris.yml
@@ -0,0 +1,57 @@
+name: CI-Polaris-Basic
+on:
+  push:
+    branches: [main, master, develop, stage, release]
+  pull_request:
+    branches: [main, master, develop, stage, release]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: [ubuntu-latest]
+    steps:
+    - name: Checkout Source
+      uses: actions/checkout@v4
+    # For compiled languages, uncomment and configure the build setup step below:
+    # - name: Setup Java JDK
+    #   uses: actions/setup-java@v4
+    #   with:
+    #     java-version: 21
+    #     distribution: temurin
+    #     cache: maven
+    - name: Check Node Version
+      run: node --version
+    - name: Polaris Scan
+      uses: LanceMcCarthy/black-duck-security-scan@lance/update-runner-node-version
+      with:
+        ### SCANNING: Required fields
+        polaris_server_url: ${{ vars.POLARIS_SERVER_URL }}
+        polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+        polaris_assessment_types: "SCA"
+
+        ### SCANNING OPTIONAL
+        polaris_application_name: quickstart-${{ github.event.repository.name }}
+
+        ### SCANNING OPTIONAL: Pull Request comments
+        polaris_prComment_enabled: true
+
+        ### SCANNING OPTIONAL: GitHub Issues
+        polaris_externalIssues_create: true
+
+        ### SCANNING OPTIONAL: Fix Pull Requests
+        polaris_fixpr_enabled: true
+
+        ### GITHUB Token
+        # Required when Pull Request comments, Fix Pull Requests or GitHub issues are enabled
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+
+        ### ENABLE OPTIONAL SCAN REPORTS
+        polaris_reports_sarif_create: true
+        polaris_upload_sarif_report: true
+
+        ### COVERITY BUILD COMMANDS (uncomment and configure for compiled languages)
+        # coverity_build_command: mvn -B -DskipTests package
+        # coverity_clean_command: mvn -B clean
+
+        ### OPTIONAL DIAGNOSTICS: Upload logs as build artifact if true
+        include_diagnostics: false
diff --git a/options.yml b/options.yml
@@ -0,0 +1,115 @@
+  Option 1: Test the NEW parameter (coverity_password)
+
+  name: coverity-action
+  on:
+    push:
+      branches: [main, master, develop, stage, release]
+    pull_request:
+      branches: [main, master, develop, stage, release]
+    workflow_dispatch:
+  jobs:
+    coverity:
+      runs-on: self-hosted
+      steps:
+        - name: Checkout Source
+          uses: actions/checkout@v4
+
+        - name: Coverity Scan (Testing NEW coverity_password parameter)
+          uses: blackduck-inc/black-duck-security-scan@brnach-coverage
+          with:
+            ### SCANNING: Required fields - Using NEW parameter name
+            coverity_url: ${{ vars.COVERITY_URL }}
+            coverity_user: ${{ secrets.COVERITY_USER }}
+            coverity_password: ${{ secrets.COVERITY_PASSPHRASE }}  # NEW parameter name
+
+            ### POLICY ENFORCEMENT: Break build on full scan when encounter outstanding issues
+            coverity_policy_view: ${{ github.event_name != 'pull_request' && 'Outstanding Issues' || '' }}
+
+            ### PULL REQUEST COMMENTS:
+            coverity_prComment_enabled: true
+
+            # Required when PR comments is enabled
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+
+            ## OPTIONAL DIAGNOSTICS: Upload logs as build artifact if true
+            include_diagnostics: false
+
+  Option 2: Test BACKWARD COMPATIBILITY (deprecated parameter still works)
+
+  name: coverity-action
+  on:
+    push:
+      branches: [main, master, develop, stage, release]
+    pull_request:
+      branches: [main, master, develop, stage, release]
+    workflow_dispatch:
+  jobs:
+    coverity:
+      runs-on: self-hosted
+      steps:
+        - name: Checkout Source
+          uses: actions/checkout@v4
+
+        - name: Coverity Scan (Testing backward compatibility with deprecated coverity_passphrase)
+          uses: blackduck-inc/black-duck-security-scan@brnach-coverage
+          with:
+            ### SCANNING: Required fields - Using OLD deprecated parameter name
+            coverity_url: ${{ vars.COVERITY_URL }}
+            coverity_user: ${{ secrets.COVERITY_USER }}
+            coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}  # DEPRECATED - but should still work
+
+            ### POLICY ENFORCEMENT: Break build on full scan when encounter outstanding issues
+            coverity_policy_view: ${{ github.event_name != 'pull_request' && 'Outstanding Issues' || '' }}
+
+            ### PULL REQUEST COMMENTS:
+            coverity_prComment_enabled: true
+
+            # Required when PR comments is enabled
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+
+            ## OPTIONAL DIAGNOSTICS: Upload logs as build artifact if true
+            include_diagnostics: false
+
+  Option 3: Comprehensive Test - Run BOTH scenarios in parallel
+
+  name: coverity-action-comprehensive-test
+  on:
+    push:
+      branches: [main, master, develop, stage, release]
+    pull_request:
+      branches: [main, master, develop, stage, release]
+    workflow_dispatch:
+  jobs:
+    # Test new parameter
+    coverity-new-param:
+      runs-on: self-hosted
+      steps:
+        - name: Checkout Source
+          uses: actions/checkout@v4
+
+        - name: Coverity Scan with NEW coverity_password
+          uses: blackduck-inc/black-duck-security-scan@brnach-coverage
+          with:
+            coverity_url: ${{ vars.COVERITY_URL }}
+            coverity_user: ${{ secrets.COVERITY_USER }}
+            coverity_password: ${{ secrets.COVERITY_PASSPHRASE }}
+            coverity_prComment_enabled: true
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+            include_diagnostics: true  # Enable to verify logs
+
+    # Test backward compatibility  
+    coverity-deprecated-param:
+      runs-on: self-hosted
+      steps:
+        - name: Checkout Source
+          uses: actions/checkout@v4
+
+        - name: Coverity Scan with DEPRECATED coverity_passphrase
+          uses: blackduck-inc/black-duck-security-scan@brnach-coverage
+          with:
+            coverity_url: ${{ vars.COVERITY_URL }}
+            coverity_user: ${{ secrets.COVERITY_USER }}
+            coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+            coverity_prComment_enabled: true
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+            include_diagnostics: true  # Enable to verify logs