synopsys-sig / detect-action

Apache License 2.0
28 stars 32 forks source link

missing BDH project name on input parameter #59

Open sugu0620 opened 1 year ago

sugu0620 commented 1 year ago

I would like to use my own custom project name and version during BDH scan. There is no input argument in the Action plugin. Please add or tell me a workaround for this issue.

**default behavior noticed tale repo name as BDH project name.

RDarnel commented 1 year ago

In case anyone else is looking for this, I learned that there are some environment variable overrides built into the detect binary to help with this. Tracking down these environment variables have proven difficult, but appears to correspond to the property name in the CLI where the name is capitalized and the . char is replaced with _. For example, detect.project.name would simply have the corresponding environment variable: DETECT_PROJECT_NAME

For a list of all available properties:
https://sig-product-docs.synopsys.com/bundle/integrations-detect/page/properties/all-properties.html

Environment variables documentation:
https://sig-product-docs.synopsys.com/bundle/integrations-detect/page/configuring/envvars.html

Here's a couple that will help with the project name and version:

Sample usage:


jobs:
  security:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: "<Insert Build Step here>"
    - name: Run BD Detect
      uses: synopsys-sig/detect-action@v0.3.4
      env:
        DETECT_PROJECT_VERSION_NAME: "${{ env.VERSION }}"
        DETECT_PROJECT_NAME: "${{ github.repository }}"
      with:
        scan-mode: INTELLIGENT
        detect-version: 9.0.0
        ...