v2 Software Composition Analysis #133
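# SCA Scan
#
# Nightly software-composition-analysis run: for each component the job
# installs the component's dependencies, runs Black Duck Detect against the
# component directory, and renames the generated notices report to NOTICE.md.
name: v2 Software Composition Analysis

on:
  # Run this workflow every day at 6:05pm Singapore Time (10:05am UTC)
  schedule:
    - cron: '5 10 * * *'
  # Run this workflow manually from Actions tab
  workflow_dispatch:

# Allow one concurrent deployment
concurrency:
  group: ${{ github.repository }}-${{ github.workflow }}
  cancel-in-progress: true

# Least privilege: every active step only reads the repository. The
# commented-out commit / pull-request steps at the bottom would need write
# scopes if they are ever re-enabled.
permissions:
  contents: read

jobs:
  Software-Composition-Analysis:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      # NOTE(review): both actions are referenced by a mutable tag; consider
      # pinning each to a full commit SHA.
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          ref: main
          repository: aiverify-foundation/aiverify
          submodules: recursive
          # Nothing below pushes, so do not leave the token in .git/config
          # where later install scripts could read it.
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # Download the Detect launcher once, outside the scanned source trees.
      # --fail stops the job on an HTTP error instead of handing an error page
      # to bash, which the original `bash <(curl -s -L ...)` form would do.
      # NOTE(review): the script is still fetched unpinned at run time and is
      # later executed with the Black Duck token in its environment; consider
      # vendoring a reviewed copy or checking a known-good SHA-256 first.
      - name: Fetch Black Duck Detect script
        run: |
          curl --fail --silent --show-error --location \
            --output "${RUNNER_TEMP}/detect9.sh" \
            https://detect.blackduck.com/detect9.sh

      # Conventions shared by every scan step below:
      #  * The API token reaches Detect through the BLACKDUCK_API_TOKEN
      #    environment variable (Detect reads properties from the environment)
      #    rather than being templated into the script text and passed on the
      #    command line, where it is visible in process listings.
      #    NOTE(review): pip/npm commands in the same step inherit this
      #    variable; splitting install and scan into separate steps would
      #    narrow the exposure further.
      #  * NOTE(review): --blackduck.trust.cert=true makes Detect automatically
      #    trust the certificate the server presents for the run, so the token
      #    is sent without normal certificate validation. Confirm it is still
      #    required, and prefer installing the server's CA on the runner.
      #  * Python components: the resolved dependency set is frozen to
      #    requirements.txt and a clean venv is rebuilt from it before scanning.

      - name: Install & Scan APIGW
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd aiverify-apigw
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          # Leave the venv before deleting it, as the other Python steps do.
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-apigw \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-apigw_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv aiverify_apigw_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan SHARED LIBRARY
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd aiverify-shared-library
          # NOTE(review): deleting the lockfile means the scan sees freshly
          # resolved versions, which may differ from what lockfile-based
          # builds actually ship.
          rm package-lock.json
          npm install --omit=dev --omit=optional
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-shared-library \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-shared-library_v2.x" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv aiverify_shared_library_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          npm cache clean --force
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan PORTAL
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd aiverify-portal
          # NOTE(review): lockfile removed before install; see the note on
          # the SHARED LIBRARY step.
          rm package-lock.json
          npm install --omit=dev --omit=optional
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-portal \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-portal_v2.x" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv aiverify_portal_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          npm cache clean --force
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan TEST ENGINE
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd aiverify-test-engine
          python3 -m venv .venv
          source .venv/bin/activate
          pip install ".[all]"
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          cat requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-test-engine \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-test-engine_v2.x" \
            --detect.excluded.directories=tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=. \
            --detect.tools.excluded=SIGNATURE_SCAN
          mv aiverify_test_engine_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan TEST ENGINE WORKER
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd aiverify-test-engine-worker
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          cat requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=aiverify-test-engine-worker \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="aiverify-test-engine-worker_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv aiverify_test_engine_worker_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Accumulated Local Effects
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.accumulated-local-effect/algorithms/accumulated_local_effect
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=accumulated-local-effect \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="accumulated-local-effect_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=. \
            --detect.tools.excluded=SIGNATURE_SCAN
          mv accumulated_local_effect_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Decorators
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.decorators
          # NOTE(review): unlike the other npm steps this installs dev and
          # optional dependencies too; confirm that is intended for the scan.
          npm install
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=decorators \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="decorators_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv decorators_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          npm cache clean --force
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Fairness Metric ToolBox For Classification
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.fairness-metrics-toolbox-for-classification/algorithms/fairness_metrics_toolbox_for_classification
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=fairness-metrics-toolbox-for-classification \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="fairness-metrics-toolbox-for-classification_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv fairness_metrics_toolbox_for_classification_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Fairness Metric ToolBox For Regression
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.fairness-metrics-toolbox-for-regression/algorithms/fairness_metrics_toolbox_for_regression
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=fairness-metrics-toolbox-for-regression \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="fairness-metrics-toolbox-for-regression_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv fairness_metrics_toolbox_for_regression_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Blur Corruptions
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # The build venv lives in aiverify-test-engine, not in the plugin
          # directory, so it is removed by its full path after the freeze.
          cd aiverify-test-engine
          python3 -m venv .venv
          source .venv/bin/activate
          pip install ".[all]"
          cd "${GITHUB_WORKSPACE}"
          cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/blur_corruptions
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf "${GITHUB_WORKSPACE}/aiverify-test-engine/.venv"
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=blur-corruptions \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="blur-corruptions_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv blur_corruptions_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Digital Corruptions
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # Build venv is created in aiverify-test-engine; remove it by path.
          cd aiverify-test-engine
          python3 -m venv .venv
          source .venv/bin/activate
          pip install ".[all]"
          cd "${GITHUB_WORKSPACE}"
          cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/digital_corruptions
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf "${GITHUB_WORKSPACE}/aiverify-test-engine/.venv"
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=digital-corruptions \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="digital-corruptions_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv digital_corruptions_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Environment Corruptions
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # Build venv is created in aiverify-test-engine; remove it by path.
          cd aiverify-test-engine
          python3 -m venv .venv
          source .venv/bin/activate
          pip install ".[all]"
          cd "${GITHUB_WORKSPACE}"
          cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/environment_corruptions
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf "${GITHUB_WORKSPACE}/aiverify-test-engine/.venv"
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=environment-corruptions \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="environment-corruptions_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv environment_corruptions_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan General Corruptions
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          # NOTE(review): unlike the sibling corruption plugins this step has
          # no freeze / clean-venv cycle; confirm that is intentional.
          cd stock-plugins/aiverify.stock.image-corruption-toolbox/algorithms/general_corruptions
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=general-corruptions \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="general-corruptions_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv general_corruptions_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Partial Dependence Plot
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.partial-dependence-plot/algorithms/partial_dependence_plot
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=partial-dependence-plot \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="partial-dependence-plot_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv partial_dependence_plot_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Robustness ToolBox
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.robustness-toolbox/algorithms/robustness_toolbox
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=robustness-toolbox \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="robustness-toolbox_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv robustness_toolbox_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan SHAP ToolBox
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.shap-toolbox/algorithms/shap_toolbox
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=shap-toolbox \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="shap-toolbox_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv shap_toolbox_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      - name: Install & Scan Veritas
        env:
          BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
        run: |
          cd stock-plugins/aiverify.stock.veritas/algorithms/veritastool
          python3 -m venv .venv
          source .venv/bin/activate
          pip install .
          pip freeze > requirements.txt
          deactivate
          rm -rf .venv
          python3 -m venv .venv
          source .venv/bin/activate
          pip install -r requirements.txt
          bash "${RUNNER_TEMP}/detect9.sh" \
            --blackduck.url=https://blackduck.aipo-imda.net/ \
            --detect.detector.search.depth=0 \
            --detect.project.name=veritas \
            --detect.project.version.name=v2.x \
            --detect.source.path=. \
            --detect.code.location.name="veritas_v2.x" \
            --detect.excluded.directories=.venv,tests \
            --blackduck.trust.cert=true \
            --detect.notices.report=true \
            --detect.notices.report.path=.
          mv veritas_v2_x_Black_Duck_Notices_Report.txt NOTICE.md
          deactivate
          rm -rf .venv
          cd "${GITHUB_WORKSPACE}"

      # Disabled: commit the regenerated NOTICE.md files and merge them via a
      # pull request. NOTE(review): `gh pr merge --admin` merges without the
      # usual branch-protection checks, and these steps would need
      # contents/pull-requests write permissions and persisted checkout
      # credentials; review both before re-enabling.
      # - name: Commit All Notices File
      #   env:
      #     GH_TOKEN: ${{ github.token }}
      #   run: |
      #     git config --global user.name github-actions
      #     git config --global user.email [email protected]
      #     git pull
      #     git branch update-notices
      #     git switch update-notices
      #     git add .
      #     git commit -m "Update All Notices File"
      #     git push --set-upstream origin update-notices
      # - name: Create & Merge Pull Request
      #   env:
      #     GH_TOKEN: ${{ github.token }}
      #   run: |
      #     gh pr create --base update-scan --title "Update All Notices File" --body "Update All Notices File" --head $(git branch --show-current)
      #     gh pr merge --merge --admin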