Use this action to perform static application security testing (SAST) on a repository with the Coverity on Polaris scanner from Black Duck. You can also use the action output as a quality gate for the next step or job in your workflow.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
Input name | Data type | Required? | Description |
---|---|---|---|
server-url | String | Yes | The Coverity on Polaris server URL. |
api-token | String | Yes | The Coverity on Polaris API token. |
ref | String | Yes | Specify the ref to be checked out and archived. |
Outputs
Output name | Data type | Description |
---|---|---|
critical-count | String | The number of Critical security findings discovered during the scan. |
 | String | The number of Very high security findings discovered during the scan. |
 | String | The number of High security findings discovered during the scan. |
 | String | The number of Medium security findings discovered during the scan. |
 | String | The number of Low security findings discovered during the scan. |
Usage examples
Basic example
The following is a basic example of using the action:
```yaml
- name: Scan with Coverity on Polaris
  uses: cloudbees-io/coverity-polaris-sast-scan-code@v1
  with:
    server-url: ${{ vars.COVERITY_POLARIS_SERVER_URL }}
    api-token: ${{ secrets.COVERITY_POLARIS_TOKEN }}
    ref: main
```
Using the action output
Access the output values in downstream steps and jobs using the `outputs` context.
Use the output in your workflow as follows, where `<action_step_ID>` is the action step ID, and `<severity>` is an output parameter name, such as `critical-count`:
```
${{steps.<action_step_ID>.outputs.<severity>}}
```
The following example uses the action output in a downstream step of the same job:
The following example uses the action output in a downstream job:
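A quality-gate check that a downstream step or job could run on these output values, as an added example (not CloudBees code and not this page's own example); a missing or non-numeric count fails the gate instead of passing as zero. The function names, the `MAX_*` threshold variables with their sample values, and the argument order are assumptions; each argument would be filled from an expression such as `${{steps.<action_step_ID>.outputs.critical-count}}`.

```shell
#!/bin/sh
# Added example: severity quality gate for the scan's output counts.
# Assumed thresholds (hypothetical names, sample values); override via env.
MAX_CRITICAL="${MAX_CRITICAL:-0}"
MAX_VERY_HIGH="${MAX_VERY_HIGH:-0}"
MAX_HIGH="${MAX_HIGH:-0}"
MAX_MEDIUM="${MAX_MEDIUM:-10}"
MAX_LOW="${MAX_LOW:-50}"

# is_count VALUE: true only for a non-empty string of decimal digits.
# The outputs are strings, so an empty value (scan step skipped or failed)
# must not be treated as zero findings.
is_count() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_severity NAME COUNT LIMIT: 0 = within limit, 1 = over, 2 = invalid.
check_severity() {
    if ! is_count "$2" || ! is_count "$3"; then
        echo "gate: $1 count '$2' or limit '$3' is not a number" >&2
        return 2
    fi
    if [ "$2" -gt "$3" ]; then
        echo "gate: $1 findings ($2) exceed limit ($3)" >&2
        return 1
    fi
    return 0
}

# quality_gate CRITICAL VERY_HIGH HIGH MEDIUM LOW
# Returns the worst result across all five severities (fails closed on 2).
quality_gate() {
    if [ "$#" -ne 5 ]; then
        echo "gate: expected 5 counts, got $#" >&2
        return 2
    fi
    gate_worst=0
    for spec in "critical $MAX_CRITICAL" "very-high $MAX_VERY_HIGH" \
                "high $MAX_HIGH" "medium $MAX_MEDIUM" "low $MAX_LOW"; do
        gate_rc=0
        check_severity "${spec% *}" "$1" "${spec#* }" || gate_rc=$?
        if [ "$gate_rc" -gt "$gate_worst" ]; then gate_worst=$gate_rc; fi
        shift
    done
    return "$gate_worst"
}
```

Call `quality_gate` from the step's script with the five counts in the order shown and exit with its status, so that the job fails whenever the gate does.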