Keyfactor · indrora · Dec 13, 2025 · Dec 13, 2025
diff --git a/.github/workflows/kf-polaris-scan.yml b/.github/workflows/kf-polaris-scan.yml
@@ -7,15 +7,13 @@ on:
       token:
         description: 'Secret token from caller workflow to access private packages'
         required: true
+
     inputs:
       scan_branch:
         description: Incoming branch to release or main
         required: true
         type: string
-
-
-
-
+
 jobs:
   build:
     runs-on: [ ubuntu-latest ]
@@ -24,22 +22,15 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v4
       - name: Polaris Scan
-        uses: keyfactor/synopsys-action@v1.10.0
+        uses: blackduck-inc/black-duck-security-scan@v2
         with:
           ### SCANNING: Required fields
-          polaris_server_url: 'https://polaris.synopsys.com'
-          polaris_access_token: ${{ secrets.token }}
+          polaris_server_url: 'https://polaris.blackduck.com'
+          polaris_access_token: ${{ secrets.POLARIS_TOKEN }}
           polaris_assessment_types: "SCA,SAST"
-          polaris_application_id: 'Integrations'
-          polaris_project_id: ${{ github.event.repository.name }}
-          polaris_branch_id: ${{ inputs.scan_branch }}
 
-          ## SCANNING: Optional fields
-          polaris_application_name: 'Integrations'
-          polaris_project_name: ${{ github.event.repository.name }}
-          polaris_assessment_mode: "SOURCE_UPLOAD"
-          polaris_branch_name: ${{ github.scan_branch }}
-
-          # ## PULL REQUEST COMMENTS: Uncomment below to enable
-          # polaris_prComment_enabled: false
-          # github_token: ${{ secrets.GITHUB_TOKEN }} # Required when PR comments is enabled
+          polaris_application_name: integrations-${{ github.event.repository.name }}
+          github_token: ${{ secrets.token }}
+
+          polaris_test_sast_location: "remote"
+          polaris_test_sca_location: "remote"