GitHub action: Coverity scan and publish to the CloudBees platform


Use this action to perform static application security testing (SAST) on a repository with the Coverity on Polaris scanner from Black Duck, and then view comprehensive security results in the CloudBees platform.

This action is available on the GitHub marketplace.

Prerequisites

Set up the CloudBees platform and GHA to work together, providing key features of the platform to GHA workflows. Refer to Getting started for more information.

Inputs

Table 1. Input details

| Input name | Data type | Required? | Description |
| --- | --- | --- | --- |
| api-token | String | Yes | The Coverity on Polaris API token. |
| server-url | String | Yes | The Coverity on Polaris server URL. |
| cloudbees-url | String | No | The CloudBees platform URL. The default value is https://api.cloudbees.io. |

This action uses GitHub OIDC authentication to securely communicate with the CloudBees platform, so no CloudBees credential needs to be stored as a repository secret. Be sure to grant the id-token: write permission in your workflow; without it the OIDC token cannot be requested and the publish step fails.

Usage examples

Basic example

The following is a basic example of using this action:

permissions:
  id-token: write
  contents: read
steps:
  - name: Scan with Coverity on Polaris
    uses: cloudbees-io-gha/coverity-scan-publish@v2
    with:
      api-token: ${{ secrets.COVERITY_POLARIS_TOKEN }}
      server-url: ${{ vars.COVERITY_POLARIS_SERVER_URL }}

Full workflow and run example

The following GHA workflow example scans a repository with Coverity on Polaris.

Example GHA workflow YAML file

name: Coverity scan
on:
  push:
    branches:
      - mains
jobs:
  coverity-codescan:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v3
      - name: Coverity scan
        uses: cloudbees-io-gha/coverity-scan-publish@v2
        with:
          api-token: ${{ secrets.COVERITY_API_TOKEN }}
          server-url: ${{ vars.COVERITY_SERVER_URL }}
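The two points a reviewer checks in a workflow like the one above are that the job has the id-token: write permission the OIDC login needs, and that the Polaris API token is referenced from secrets rather than pasted inline. The following script is an added example, not part of this documentation or of the action itself: a small line-based lint for that workflow subset (it does not parse general YAML). The sample workflows are constructed here; the good one mirrors the example above, the bad one deliberately omits id-token, widens contents to write, pins an action to a branch, and hardcodes a placeholder token.

```python
import re

# Constructed sample, modelled on the page's full workflow example.
GOOD_WORKFLOW = """\
name: Coverity scan
on:
  push:
    branches:
      - main
jobs:
  coverity-codescan:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v3
      - name: Coverity scan
        uses: cloudbees-io-gha/coverity-scan-publish@v2
        with:
          api-token: ${{ secrets.COVERITY_API_TOKEN }}
          server-url: ${{ vars.COVERITY_SERVER_URL }}
"""

# Constructed counter-example: no id-token permission, contents: write,
# a floating action ref, a literal (placeholder) token and no server-url.
BAD_WORKFLOW = """\
name: Coverity scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@main
      - uses: cloudbees-io-gha/coverity-scan-publish@v2
        with:
          api-token: polaris-token-placeholder-not-real
"""

# A value of the form ${{ secrets.NAME }}; anything else is treated as a literal.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*(\S+)\s*$")
KV_LINE = re.compile(r"^\s*-?\s*([A-Za-z0-9_-]+):\s*(.*?)\s*$")
FLOATING_REFS = {"main", "master", "latest"}


def lint_workflow(text):
    """Return a list of findings for a workflow; an empty list means it passed."""
    findings = []
    values = {}  # key name -> [(line number, value), ...] for every scalar seen
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_LINE.match(line)
        if m:
            ref = m.group(1)
            if "@" not in ref:
                findings.append(f"line {lineno}: action '{ref}' is not pinned to a ref")
            elif ref.rsplit("@", 1)[1] in FLOATING_REFS:
                findings.append(f"line {lineno}: action '{ref}' uses a floating branch ref")
            continue
        m = KV_LINE.match(line)
        if m:
            key, value = m.groups()
            values.setdefault(key, []).append((lineno, value))

    # OIDC login to the CloudBees platform requires this permission.
    if not any(v == "write" for _, v in values.get("id-token", [])):
        findings.append("permissions: 'id-token: write' is missing; OIDC authentication will fail")
    # The scan only reads the checkout; write access is more than it needs.
    for lineno, v in values.get("contents", []):
        if v == "write":
            findings.append(f"line {lineno}: 'contents: write' is wider than the scan needs; use read")
    # Both inputs are marked required in the inputs table.
    for key in ("api-token", "server-url"):
        if key not in values:
            findings.append(f"required input '{key}' is not set")
    # The Polaris token must be a secret reference, never a literal in the file.
    for lineno, v in values.get("api-token", []):
        if not SECRET_REF.match(v):
            findings.append(f"line {lineno}: api-token must come from secrets, not a literal value")
    return findings


if __name__ == "__main__":
    for label, wf in (("good", GOOD_WORKFLOW), ("bad", BAD_WORKFLOW)):
        print(label, lint_workflow(wf) or "OK")
```

Run it against a workflow file with `lint_workflow(open(path).read())`; the good sample returns no findings and the bad sample returns five. The check is intentionally narrow (it matches `key: value` lines, not nested YAML structure), which is enough for the flat permissions and with: blocks this action uses.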

After the GHA run has completed, the security findings are collected and displayed in the Security center of the component containing the workflow.

[Figure 1. Example Coverity scanning results highlighted (screenshot of Coverity results in the Security center).]