diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..8244bcbd
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,69 @@
+name: CI-Polaris
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: '**' #[ main, master, develop, stage, release ]
+jobs:
+ polaris-scan:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+ - name: Polaris Full Scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.13.0
+ with:
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
+ polaris_application_name: RAF-ACME_Labs
+ polaris_project_name: ${{ github.event.repository.name }}
+ polaris_assessment_types: "SCA,SAST"
+ # polaris_waitForScan: false # Used to support the async mode
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+ ### Uncomment below configuration for source code upload
+ # polaris_assessment_mode: "SOURCE_UPLOAD"
+ # project_source_archive: ${{ vars.PROJECT_SOURCE_ARCHIVE }}
+ # project_source_excludes: ${{ vars.PROJECT_SOURCE_EXCLUDES }} # Accepts Multiple Values
+ # project_source_preserveSymLinks: true
+ ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+ # include_diagnostics: true
+ ### SARIF report generation and upload to GitHub Adavanced Security Tab: Uncomment below to enable
+ # polaris_reports_sarif_create: true
+ # polaris_reports_sarif_file_path: '/Users/tmp/report.sarif.json' # File path (including file name) where SARIF report is created.
+ # polaris_reports_sarif_severities: "CRITICAL,HIGH"
+ # polaris_reports_sarif_groupSCAIssues: true
+ # polaris_reports_sarif_issue_types: 'SCA, SAST'
+ # polaris_upload_sarif_report: true
+ # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when polaris_upload_sarif_report is set as true
+ ### Signature scan
+ #polaris_test_sca_type: "SCA-SIGNATURE"
+ ### Uncomment below to add arbitrary CL parameters
+ # blackduck_search_depth: 2
+ # blackduck_args: '--detect.diagnostic=true'
+ # blackduck_config_path: '/Users/Config/application.properties'
+ # coverity_build_command: mvn clean install
+ # coverity_clean_command: mvn clean
+ # coverity_config_path: /Users/Config/coverity.yml
+ # coverity_args: --config-override capture.build.build-command=mvn install
+ - name: Polaris PR Scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.13.0
+ with:
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
+ polaris_application_name: RAF-ACME_Labs
+ polaris_project_name: ${{ github.event.repository.name }}
+ polaris_assessment_types: "SCA,SAST"
+ # project_directory: ${{ vars.PROJECT_DIRECTORY }}
+ ### Uncomment below configuration for source code upload
+ # polaris_assessment_mode: "SOURCE_UPLOAD"
+ # project_source_archive: ${{ vars.PROJECT_SOURCE_ARCHIVE }}
+ # project_source_excludes: ${{ vars.PROJECT_SOURCE_EXCLUDES }} # Accepts Multiple Values
+ # project_source_preserveSymLinks: true
+ ### Below configuration is used to enable feedback from Polaris security testing as pull request comment
+ polaris_prComment_enabled: true
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # Mandatory when polaris_prComment_enabled is set to 'true'
+ ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
+ # include_diagnostics: true
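Review bot: Both scan steps reference `synopsys-sig/synopsys-action@v1.13.0` by tag while passing it `secrets.POLARIS_ACCESSTOKEN` and, in the PR step, `secrets.GITHUB_TOKEN`. A tag can be re-pointed, so pin the action to the full commit SHA of the reviewed release, e.g. `uses: synopsys-sig/synopsys-action@<FULL_COMMIT_SHA> # v1.13.0`; the same applies to `blackduck-inc/black-duck-security-scan@v2.0.0` in polaris-sig.yml. Neither workflow declares `permissions:`, so the token gets the repository default scope. A job-level `permissions: { contents: read, pull-requests: write }` would limit it to what the PR comment needs, assuming the action requires nothing further. Because `pull_request` fires for every branch (`branches: '**'`) and GitHub withholds repository secrets from fork PRs, the PR scan step will presumably fail there with an empty token, so consider guarding it with `github.event.pull_request.head.repo.fork == false`.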
diff --git a/.github/workflows/polaris-sig.yml b/.github/workflows/polaris-sig.yml
new file mode 100644
index 00000000..f0f55830
--- /dev/null
+++ b/.github/workflows/polaris-sig.yml
@@ -0,0 +1,42 @@
+# example workflow for Polaris scans using the Black Duck Security Scan Action
+# https://github.com/marketplace/actions/black-duck-security-scan
+name: polaris-ss-sig-action
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+jobs:
+ polaris:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: Polaris Scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: blackduck-inc/black-duck-security-scan@v2.0.0
+ with:
+ polaris_server_url: ${{ vars.POLARIS_SERVERURL }}
+ polaris_access_token: ${{ secrets.POLARIS_ACCESSTOKEN }}
+ polaris_assessment_types: 'SCA'
+ polaris_test_sca_type: 'SCA-SIGNATURE'
+ polaris_application_name: RAF-ACME_LABS
+ polaris_prComment_enabled: 'true'
+ polaris_reports_sarif_create: 'true'
+ polaris_upload_sarif_report: 'true'
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # include_diagnostics: true
+# - name: Save Logs
+# if: always()
+# uses: actions/upload-artifact@v4
+# with:
+# name: bridge-logs
+# path: ${{ github.workspace }}/.bridge
+# include-hidden-files: true
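Review bot: `polaris_prComment_enabled: 'true'` is set on a step guarded by `if: ${{ github.event_name != 'pull_request' }}`, so it can never post a PR comment. On `pull_request` events the job also checks out the code and sets up Java, then skips the scan entirely. Either remove the `pull_request:` trigger from this workflow, or add a PR-scoped scan step and drop the flag from the push step. `polaris_upload_sarif_report: 'true'` uploads to code scanning using `secrets.GITHUB_TOKEN`, which normally requires `security-events: write`. With no `permissions:` block the upload depends on the repository default, so declare `permissions: { contents: read, security-events: write }` on the job to make the scope explicit and minimal.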
diff --git a/pom.xml b/pom.xml
index c62d938c..5cb916fb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,6 +26,12 @@
org.springframework.boot
spring-boot-starter-web
+
+
+ org.webjars
+ jquery
+ 3.7.1
+
@@ -428,4 +434,4 @@
-
\ No newline at end of file
+