ci: add blackduck oss scan (#6171)

MarcusNotheis · web-flow · commit 5e59eedf91c6 · 2024-08-07T13:09:28.000+02:00
diff --git a/.github/workflows/open-source-security.yml b/.github/workflows/open-source-security.yml
@@ -0,0 +1,26 @@
+name: Open Source Security
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "12 3 * * *"
+  workflow_dispatch:
+
+jobs:
+  piper-oss:
+    name: 'Security'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          
+      - name: detectExecuteScan
+        uses: SAP/project-piper-action@v1.5.0
+        with:
+          step-name: detectExecuteScan
+          flags: '--token ${{ secrets.DETECT_TOKEN }}'
+
+  
diff --git a/.pipeline/config.yml b/.pipeline/config.yml
@@ -0,0 +1,16 @@
+general:
+  owner: SAP
+  repository: ui5-webcomponents-react
+  buildTool: yarn
+steps:
+  detectExecuteScan:
+    serverUrl: 'https://sap.blackducksoftware.com'
+    projectName: 'ui5-webcomponents-react'
+    groups:
+      - 'ui5-webcomponents-react'
+    npmDependencyTypesExcluded: ['DEV']
+    useDetect9: true
+    excludedPackageManagers:
+      - 'LERNA'
+    customEnvironmentVariables:
+      - 'DETECT_YARN_DEPENDENCY_TYPES_EXCLUDED=NON_PRODUCTION'
