Software Composition Analysis #189
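# SCA Scan
name: Software Composition Analysis

on:
  # Runs on a schedule (GitHub evaluates cron expressions in UTC).
  # NOTE(review): `inputs` is only populated for workflow_dispatch runs. On a
  # scheduled run inputs.branch_to_test is empty, so none of the steps guarded
  # by `inputs.branch_to_test == ...` execute and the run finishes green
  # without scanning anything. Decide which branch the schedule should cover.
  schedule:
    - cron: '00 11 * * FRI'
  # Run this workflow manually from Actions tab
  workflow_dispatch:
    inputs:
      branch_to_test:
        description: 'Branch or tag to run test'
        required: true
        default: 'main'
        # `options` is only honoured for `type: choice`. With `type: string`
        # the list was ignored and any ref could be entered: it would be
        # checked out, while no scan step matched it.
        type: choice
        options:
          - 'main'
          - 'v2.x'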
# One run at a time per repository and workflow: a newly queued run cancels
# the one that is still in progress.
concurrency:
  group: '${{ github.repository }}-${{ github.workflow }}'
  cancel-in-progress: true
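jobs:
  software-composition-analysis:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Least privilege for GITHUB_TOKEN: the visible steps only read sources.
    # Without this block the token gets the repository's default scope while
    # the job runs package install scripts and a downloaded shell script.
    permissions:
      contents: read
    steps: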
# - name: Checkout Code (Schedule) | |
# if: github.event_name == 'schedule' | |
# uses: actions/checkout@v4 | |
# with: | |
# ref: v2.x | |
# repository: aiverify-foundation/aiverify | |
# submodules: recursive | |
# - name: Checkout Code (Pull Request Into v2.x) | |
# if: github.event_name == 'pull_request' | |
# uses: actions/checkout@v4 | |
# with: | |
# ref: ${{ github.event.pull_request.head.ref }} | |
# repository: ${{ github.event.pull_request.head.repo.full_name }} | |
# submodules: recursive | |
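# Check out the requested ref of aiverify, including submodules.
# NOTE(review): `@v4` is a mutable tag; pinning the action to a full commit
# SHA (<COMMIT_SHA>) keeps a retagged release from changing what runs here.
- name: Checkout Code
  uses: actions/checkout@v4
  with:
    # Comes from the manual trigger; empty on scheduled runs.
    ref: ${{ inputs.branch_to_test }}
    repository: aiverify-foundation/aiverify
    submodules: recursive
    # Later steps run `pip install -e .`, `npm install` and a downloaded
    # script inside this checkout; do not leave the job token in .git/config
    # where that code could read it.
    persist-credentials: false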
# Export BRANCH for later steps; it is used as the Black Duck project version
# name and as the suffix of the code location name.
- name: Set Branch Variable (v2.x)
  if: ${{ inputs.branch_to_test == 'v2.x' }}
  run: echo "BRANCH=v2.x" >> "$GITHUB_ENV"
# Export BRANCH for later steps; scans of `main` are recorded in Black Duck
# under the version label v1.0.
- name: Set Branch Variable (Main)
  if: ${{ inputs.branch_to_test == 'main' }}
  run: echo "BRANCH=v1.0" >> "$GITHUB_ENV"
# Provide the Python interpreter used for the virtual environments below.
# The version stays quoted so YAML does not read it as a float.
- name: Set up Python 3.11
  uses: actions/setup-python@v5
  with:
    python-version: '3.11'
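# Resolve aiverify-apigw's Python dependencies and submit them to Black Duck.
- name: Install & Scan APIGW (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd aiverify-apigw
    # First venv: turn the editable install into a frozen requirements.txt.
    python3 -m venv venv
    source venv/bin/activate
    pip install -e .
    pip freeze > requirements.txt
    deactivate
    rm -rf venv
    # Second venv: install exactly the frozen list that Detect will inspect.
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=aiverify-apigw \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="aiverify-apigw_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate
    cd ../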
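# Install ai-verify-apigw's npm dependencies and submit them to Black Duck.
- name: Install & Scan APIGW (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd ai-verify-apigw
    npm install
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=ai-verify-apigw \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="ai-verify-apigw_$BRANCH" \
      --detect.excluded.directories=tests \
      --blackduck.trust.cert=true
    cd ../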
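# Install ai-verify-portal's npm dependencies and submit them to Black Duck.
- name: Install & Scan PORTAL (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd ai-verify-portal
    npm install
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=ai-verify-portal \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="ai-verify-portal_$BRANCH" \
      --detect.excluded.directories=tests \
      --blackduck.trust.cert=true
    cd ../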
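# Install ai-verify-shared-library's npm dependencies and submit them to
# Black Duck.
- name: Install & Scan SHARED LIBRARY (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd ai-verify-shared-library
    npm install
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=ai-verify-shared-library \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="ai-verify-shared-library_$BRANCH" \
      --detect.excluded.directories=tests \
      --blackduck.trust.cert=true
    cd ../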
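# Resolve aiverify-test-engine's Python dependencies and submit them to
# Black Duck.
- name: Install & Scan TEST ENGINE (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd aiverify-test-engine
    # First venv: turn the editable install into a frozen requirements.txt.
    python3 -m venv venv
    source venv/bin/activate
    pip install -e .
    pip freeze > requirements.txt
    deactivate
    rm -rf venv
    # Second venv: install exactly the frozen list that Detect will inspect.
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=aiverify-test-engine \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="aiverify-test-engine_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate
    cd ../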
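# Install test-engine-app's Python requirements and submit them to Black Duck.
- name: Install & Scan TEST ENGINE (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd test-engine-app
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=test-engine-app \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="test-engine-app_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate
    cd ../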
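# Install test-engine-core's Python requirements and submit them to Black Duck.
- name: Install & Scan TEST ENGINE CORE (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd test-engine-core
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=test-engine-core \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="test-engine-core_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate
    cd ../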
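# Install test-engine-core-modules' Python requirements and submit them to
# Black Duck.
- name: Install & Scan TEST ENGINE CORE MODULES (Main)
  if: inputs.branch_to_test == 'main'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd test-engine-core-modules
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=test-engine-core-modules \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="test-engine-core-modules_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate
    cd ../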
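# Scan the accumulated-local-effect plugin with Black Duck.
- name: Install & Scan Accumulated Local Effects (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.accumulated-local-effect/algorithms/accumulated_local_effect
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=accumulated-local-effect \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="accumulated-local-effect_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate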
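# Install the decorators plugin's npm dependencies and submit them to
# Black Duck.
- name: Install & Scan Decorators (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.decorators
    npm install
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=decorators \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="decorators_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true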
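# Scan the fairness-metrics-toolbox-for-classification plugin with Black Duck.
- name: Install & Scan Fairness Metric ToolBox For Classification (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.fairness-metrics-toolbox-for-classification/algorithms/fairness_metrics_toolbox_for_classification
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=fairness-metrics-toolbox-for-classification \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="fairness-metrics-toolbox-for-classification_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate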
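# Scan the fairness-metrics-toolbox-for-regression plugin with Black Duck.
- name: Install & Scan Fairness Metric ToolBox For Regression (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.fairness-metrics-toolbox-for-regression/algorithms/fairness_metrics_toolbox_for_regression
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=fairness-metrics-toolbox-for-regression \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="fairness-metrics-toolbox-for-regression_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate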
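# Scan the blur_corruptions algorithm of the image corruption toolbox with
# Black Duck.
- name: Install & Scan Blur Corruptions (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/blur_corruptions
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=blur-corruptions \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="blur-corruptions_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate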
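# Scan the digital_corruptions algorithm of the image corruption toolbox with
# Black Duck.
- name: Install & Scan Digital Corruptions (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/digital_corruptions
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=digital-corruptions \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="digital-corruptions_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate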
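# Scan the environment_corruptions algorithm of the image corruption toolbox
# with Black Duck.
- name: Install & Scan Environment Corruptions (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/environment_corruptions
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=environment-corruptions \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="environment-corruptions_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate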
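# Scan the general_corruptions algorithm of the image corruption toolbox with
# Black Duck.
- name: Install & Scan General Corruptions (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/general_corruptions
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=general-corruptions \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="general-corruptions_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate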
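# Scan the partial-dependence-plot plugin with Black Duck.
- name: Install & Scan Partial Dependence Plot (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.partial-dependence-plot/algorithms/partial_dependence_plot
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=partial-dependence-plot \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="partial-dependence-plot_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate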
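# Scan the robustness-toolbox plugin with Black Duck.
- name: Install & Scan Robustness ToolBox (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.robustness-toolbox/algorithms/robustness_toolbox
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=robustness-toolbox \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="robustness-toolbox_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate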
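# Scan the shap-toolbox plugin with Black Duck.
- name: Install & Scan SHAP ToolBox (v2.x)
  if: inputs.branch_to_test == 'v2.x'
  env:
    # Passed through the environment (Detect maps BLACKDUCK_API_TOKEN to
    # blackduck.api.token) so the secret is not expanded into the script
    # text or the process argument list.
    BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
  run: |
    cd stock-plugins/aiverify.stock.shap-toolbox/algorithms/shap_toolbox
    # NOTE(review): nothing is installed into this venv before the scan;
    # confirm Detect still resolves the plugin's dependencies.
    python3 -m venv venv
    source venv/bin/activate
    # Fetch to a file with -f so a failed download stops the step; with
    # `bash <(curl -s ...)` a failed or truncated download goes undetected.
    # TODO(review): verify the script against a pinned checksum
    # (<EXPECTED_SHA256>) before running it with the token in scope.
    curl -fsSL -o "$RUNNER_TEMP/detect9.sh" https://detect.synopsys.com/detect9.sh
    # NOTE(review): --blackduck.trust.cert=true makes Detect trust whatever
    # certificate the server presents; import the server's CA instead so the
    # token-bearing connection is authenticated.
    bash "$RUNNER_TEMP/detect9.sh" \
      --blackduck.url=https://blackduck.aipo-imda.net/ \
      --detect.detector.search.depth=0 \
      --detect.project.name=shap-toolbox \
      --detect.project.version.name="$BRANCH" \
      --detect.source.path=. \
      --detect.code.location.name="shap-toolbox_$BRANCH" \
      --detect.excluded.directories=venv,tests \
      --blackduck.trust.cert=true
    deactivate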