GitHub action: Coverity scan and publish to the CloudBees platform


Use this action to perform static application security testing (SAST) on a repository with the Coverity on Polaris scanner from Black Duck, and then view comprehensive security results in the CloudBees platform.

This action is available on the GitHub marketplace.

Prerequisites

Set up the CloudBees platform and GHA to work together, providing key features of the platform to GHA workflows. Refer to Getting started for more information.

Inputs

Table 1. Input details

Input name      Data type   Required?   Description
api-token       String      Yes         The Coverity on Polaris API token.
cloudbees-pat   String      Yes
server-url      String      Yes         The Coverity on Polaris server URL.
cloudbees-url   String      No          The CloudBees platform URL. The default value is "https://api.cloudbees.io".

Usage examples

Basic example

The following is a basic example of using this action:

- name: Scan with Coverity on Polaris
  uses: cloudbees-io-gha/coverity-scan-publish@v1
  with:
    api-token: ${{ secrets.COVERITY_POLARIS_TOKEN }}
    # GitHub secret names may contain only letters, digits and underscores,
    # so the token is referenced with an underscore-separated name.
    cloudbees-pat: ${{ secrets.CLOUDBEES_PLATFORM_PAT }}
    server-url: ${{ vars.COVERITY_POLARIS_SERVER_URL }}

Full workflow and run example

The following GHA workflow example scans a repository with Coverity on Polaris.

Example GHA workflow YAML file
name: Coverity scan

on:
  push:
    branches:
      - main

jobs:
  coverity-codescan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v3

      - name: Coverity scan
        # The action documented on this page, pinned to its v1 major version.
        uses: cloudbees-io-gha/coverity-scan-publish@v1
        with:
          api-token: ${{ secrets.COVERITY_API_TOKEN }}
          cloudbees-pat: ${{ secrets.CLOUDBEES_QA_PAT }}
          server-url: ${{ vars.COVERITY_SERVER_URL }}
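The following workflow is an added example, not code from the original page or from the action's repository. It extends the workflow above by also scanning pull requests, restricting the job's GITHUB_TOKEN to read-only access to repository contents, and setting the optional cloudbees-url input with a fallback to the documented default. The secret name CLOUDBEES_PLATFORM_PAT and the variable name CLOUDBEES_URL are assumed placeholders.

```yaml
name: Coverity scan (push and pull request)

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the job's GITHUB_TOKEN: the scan only needs to read
# the checked-out source. It authenticates to Coverity on Polaris and to the
# CloudBees platform with the inputs below, not with GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  coverity-codescan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v4

      - name: Coverity scan and publish to the CloudBees platform
        uses: cloudbees-io-gha/coverity-scan-publish@v1
        with:
          # Credentials come from repository or organization secrets; they are
          # never written into the workflow file.
          api-token: ${{ secrets.COVERITY_API_TOKEN }}
          cloudbees-pat: ${{ secrets.CLOUDBEES_PLATFORM_PAT }}   # assumed secret name
          server-url: ${{ vars.COVERITY_SERVER_URL }}
          # Optional input. An unset variable expands to an empty string, which
          # would override the action's default, so fall back to the documented
          # default URL explicitly.
          cloudbees-url: ${{ vars.CLOUDBEES_URL || 'https://api.cloudbees.io' }}   # assumed variable name
```

The pull_request trigger means findings are published for proposed changes before they reach the main branch, so the Security center shows them while the change is still reviewable.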

After the GHA run has completed, the security findings are collected and displayed in the Security center of the component containing the workflow.

Figure 1. Example Coverity scanning results highlighted in the Security center.