Add blackduck and codeql scans

.github/actions/scan-with-blackduck/action.yml

@@ -0,0 +1,62 @@
+name: Scan with BlackDuck
+description: Scans the project with BlackDuck
+
+inputs:
+  blackduck_token:
+    description: The token to use for BlackDuck authentication
+    required: true
+  github_token:
+    description: The token to use for GitHub authentication
+    required: true
+  java-version:
+    description: The version of Java to use
+    default: '17'
+    required: false
+  maven-version:
+    description: The Maven version the build shall run with.
+    required: true
+  scan_mode:
+    description: The scan mode to use (FULL or RAPID)
+    default: 'RAPID'
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Java ${{ inputs.java-version }}
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Set up Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Get Revision
+      id: get-revision
+      run: |
+        echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: BlackDuck Security Scan
+      uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0
+      with:
+        blackducksca_url: https://sap.blackducksoftware.com/
+        blackducksca_token: ${{ inputs.blackduck_token }}
+        blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }}
+        github_token: ${{ inputs.github_token }}
+        detect_args: >
+          --detect.project.name=sap.capire.plugin-template-emoji
+          --detect.project.version.name=${{ steps.get-revision.outputs.REVISION }}
+          --detect.included.detector.types=MAVEN
+          --detect.excluded.directories=**/node_modules,**/*test*,**/localrepo,**/target/site,**/*-site.jar,**/samples/**
+          --detect.tools=DETECTOR,BINARY_SCAN
+          --detect.risk.report.pdf=false
+          --logging.level.detect=INFO
+      env:
+        BLACKDUCKSCA_TOKEN: ${{ inputs.blackduck_token }}
+        BLACKDUCKSCA_URL: https://sap.blackducksoftware.com/
+        BLACKDUCK_API_TOKEN: ${{ inputs.blackduck_token }}

.github/actions/scan-with-codeql/action.yml

@@ -0,0 +1,45 @@
+name: Scan with CodeQL
+description: Scans the project with CodeQL
+
+inputs:
+  java-version:
+    description: The Java version to use for the build.
+    required: true
+  maven-version:
+    description: The Maven version to use for the build.
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Java ${{ inputs.java-version }}
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Set up Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4
+      with:
+        languages: java-kotlin
+        build-mode: manual
+        queries: security-extended
+
+    - name: Install @sap/cds-dk
+      run: npm i -g @sap/cds-dk
+      shell: bash
+
+    - name: Build Java code
+      run: mvn clean compile -B -ntp -Dcds.install-node.skip
+      shell: bash
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4
+      with:
+        category: "/language:java-kotlin"