Full build scan — installs Node.js dependencies and runs a comprehensive Black Duck SCA intelligent scan.
This example demonstrates a complete Black Duck SCA scan that includes a build step. The workflow:
- Checks out the source code
- Sets up Node.js and installs all dependencies via `npm install`
- Runs a full Black Duck SCA intelligent scan

Including the build step allows Black Duck to accurately identify all transitive dependencies from the resolved dependency tree.

`.github/workflows/build-scan.yml`

| Parameter | Value | Description |
|---|---|---|
| `blackduck_url` | `${{ secrets.BLACKDUCK_URL }}` | URL of your Black Duck instance |
| `blackduck_apiToken` | `${{ secrets.BLACKDUCK_API_TOKEN }}` | API token for authentication |
| `blackduck_scan_full` | `true` | Runs a full intelligent scan using build artifacts |

Prerequisites:
- A Black Duck instance (SaaS or on-prem)
- GitHub repository secrets configured:
  - `BLACKDUCK_URL` — URL of your Black Duck instance (e.g., `https://blackduck.example.com`)
  - `BLACKDUCK_API_TOKEN` — API token with scan permissions

Setup:
- Copy `.github/workflows/build-scan.yml` into your repository's `.github/workflows/` directory
- Configure the required secrets under Settings → Secrets and variables → Actions
- Push to `main` or open a pull request to trigger the scan
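
An added example, not part of the original repository: a preflight function that a workflow step can call before the scan, so a missing or malformed `BLACKDUCK_URL` or `BLACKDUCK_API_TOKEN` fails the job with a clear annotation instead of an opaque scan error. The function name and the specific checks are assumptions; note that GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so both values are empty in that case.

```shell
# Added example (hypothetical helper, not from the original workflow).
# Usage in a step that maps the secrets into env:
#   check_blackduck_env "$BLACKDUCK_URL" "$BLACKDUCK_API_TOKEN" || exit 1

# check_blackduck_env URL TOKEN
# Emits one GitHub Actions "::error::" annotation per problem found.
# Returns 0 when both values look usable, 1 otherwise.
# The token value itself is never printed.
check_blackduck_env() {
  bd_url=$1
  bd_token=$2
  bd_bad=0

  if [ -z "$bd_url" ]; then
    # Empty when the secret is unset, or on pull requests opened from forks.
    echo "::error::BLACKDUCK_URL is empty (secret missing or not exposed to this run)"
    bd_bad=1
  else
    # Require TLS so the API token is not sent in clear text.
    case $bd_url in
      https://*) ;;
      *) echo "::error::BLACKDUCK_URL must start with https://"; bd_bad=1 ;;
    esac
    # Authority part = text between "://" and the first "/".
    bd_authority=${bd_url#*://}
    bd_authority=${bd_authority%%/*}
    case $bd_authority in
      *@*) echo "::error::BLACKDUCK_URL must not embed credentials"; bd_bad=1 ;;
    esac
  fi

  if [ -z "$bd_token" ]; then
    echo "::error::BLACKDUCK_API_TOKEN is empty (secret missing or not exposed to this run)"
    bd_bad=1
  else
    # Whitespace in a token usually means a copy/paste error in the secret.
    case $bd_token in
      *[[:space:]]*) echo "::error::BLACKDUCK_API_TOKEN contains whitespace"; bd_bad=1 ;;
    esac
  fi

  return "$bd_bad"
}
```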

Use this workflow when:
- Your project has a build step that resolves and downloads dependencies
- You want the most accurate and comprehensive scan results
- You are scanning on push to `main` as part of a full CI pipeline