Update synopsys.yaml

.github/workflows/synopsys.yaml

@@ -1,9 +1,10 @@
 name: Black Duck Policy Check
 on:
-  pull_request:
+  pull_request_target:
+  push:
     branches:
       - main
-  push:
+      - 'release-*'
 
 jobs:
   security:
@@ -12,6 +13,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.merge_commit_sha }}"
 
       - name: Setup Go
         uses: actions/setup-go@v5
@@ -21,10 +24,24 @@ jobs:
       - name: Build Project
         run: make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/[email protected]
+      - name: Black Duck Full Scan
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: synopsys-sig/[email protected]
+        with:
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+      - name: Black Duck PR Scan
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: synopsys-sig/[email protected]
+        env:
+          DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: false
+          blackduck_prComment_enabled: true