{"id":20801866,"url":"https://github.com/philips-software/blackduck-report-action","last_synced_at":"2025-05-07T00:42:15.448Z","repository":{"id":65161277,"uuid":"533657508","full_name":"philips-software/blackduck-report-action","owner":"philips-software","description":"GitHub action to produce a SBOM report from a given Black Duck project","archived":false,"fork":false,"pushed_at":"2024-12-09T08:39:30.000Z","size":48,"stargazers_count":12,"open_issues_count":3,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-01T02:39:51.787Z","etag":null,"topics":["blackduck","software-bill-of-material"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/philips-software.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-07T07:35:04.000Z","updated_at":"2024-12-09T08:37:16.000Z","dependencies_parsed_at":"2023-11-24T14:39:57.490Z","dependency_job_id":null,"html_url":"https://github.com/philips-software/blackduck-report-action","commit_stats":{"total_commits":16,"total_committers":4,"mean_commits":4.0,"dds":0.3125,"last_synced_commit":"3ce403aedc4ec5f4202e016506351b490145a2bd"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Fblackduck-report-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Fblackduck-report-action/tags","releases_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/philips-software%2Fblackduck-report-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Fblackduck-report-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/philips-software","download_url":"https://codeload.github.com/philips-software/blackduck-report-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252793546,"owners_count":21805053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackduck","software-bill-of-material"],"created_at":"2024-11-17T18:24:51.888Z","updated_at":"2025-05-07T00:42:15.442Z","avatar_url":"https://github.com/philips-software.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Black Duck report action\n\nGitHub action to produce a SBOM report from a given Black Duck project.\n\n## Problem\n\nWhen you get your project analyzed in Black Duck, you might also want to be able to create a report in your CI/CD build pipeline.\n\nBlack Duck can generate an SPDX SBOM, but there is no way to trigger this with the official GitHub Action.\n\n## Purpose of this action\n\nThis action will enable you to trigger the creation of a Black Duck report (defaults to SPDX22).\nIt will also wait for Black Duck to complete the report and download it.\n\n## Usage\n\n\u003c!-- action-docs-description --\u003e\n## Description\n\nCreate Black Duck Report and download it\n\u003c!-- action-docs-description --\u003e\n\u003c!-- action-docs-inputs 
--\u003e\n## Inputs\n\n| parameter | description | required | default |\n| --- | --- | --- | --- |\n| blackduck-url | url to Black Duck instance | `true` |  |\n| blackduck-token | Black Duck API token | `true` |  |\n| project | Project name in Black Duck | `true` |  |\n| version | Version in Black Duck | `true` |  |\n| report-format | sbomType \"SPDX_22\" allows reportFormat values of \"JSON\", \"RDF\", \"TAGVALUE\" or \"YAML\". sbomType \"CYCLONEDX_13\" or \"CYCLONEDX_14\" allows reportFormat values of \"JSON\". sbomType \"VERSION_LICENSE\" allows reportFormat value \"TEXT\". | `false` | JSON |\n| sbom-type | Type of SBOM report. Allowed values - SPDX_22, CYCLONEDX_13, CYCLONEDX_14, or VERSION_LICENSE | `false` | SPDX_22 |\n\u003c!-- action-docs-inputs --\u003e\n\u003c!-- action-docs-outputs --\u003e\n## Outputs\n\n| parameter | description |\n| --- | --- |\n| sbom-file | SBOM filename if created |\n| sbom-contents | SBOM content if created |\n\u003c!-- action-docs-outputs --\u003e\n\n## Example usage\n\n```yaml\n- uses: philips-software/blackduck-report-action@v0.3\n  id: blackduck-report\n  with:\n    blackduck-url: https://my-blackduck-server\n    blackduck-token: ${{ secrets.BLACKDUCK_TOKEN }}\n    project: my-project\n    version: my-version\n\n- name: show content - Be careful... sboms are huge.. 
this might cause some problems with I/O on GitHub.\n  # Pass the output through env so the SBOM text is never interpolated into the shell script\n  env:\n    SBOM_CONTENTS: ${{ steps.blackduck-report.outputs.sbom-contents }}\n  run: echo \"$SBOM_CONTENTS\"\n\n- name: Upload artifact\n  uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8\n  with:\n    name: sbom-report\n    path: ${{steps.blackduck-report.outputs.sbom-file}}\n    retention-days: 7\n```\n\n### Script only\n\n```bash\n./get-blackduck-report.sh \u003cblackduck-url\u003e \u003cblackduck-api-token\u003e \u003cproject-name\u003e \u003cversion-name\u003e\n```\n\n## Example\n\n[Here](https://github.com/philips-software/blackduck-report-action/blob/main/CONTRIBUTING.md#example-workflow) you can find an example of a complete workflow including the scanning of a project.\n\n## Contributing\n\nYou are welcome to contribute to this repository. Please see [the contributing guide](./CONTRIBUTING.md) for how to do this.\n\n## Maintainers\n\n[Here](./MAINTAINERS.md) you can find the maintainers of this project.\n\n## License\n\nMIT\n\n## SBOM\n\nThis action only generates an SBOM report in Black Duck and downloads it. The report does not necessarily provide the correct SBOM.\n\n\u003cimg src=\"./.github/assets/code-slogan.svg\" align=\"right\" width=\"450px\"\u003e\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilips-software%2Fblackduck-report-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphilips-software%2Fblackduck-report-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilips-software%2Fblackduck-report-action/lists"}