From cfb56494a969d016aefbe24b0df451f1fe6b5e92 Mon Sep 17 00:00:00 2001
From: Marvin Lindner <marvin.lindner@sap.com>
Date: Thu, 21 May 2026 12:06:31 +0200
Subject: [PATCH] fix

---
 .github/actions/build/action.yml               |  4 ++++
 .github/actions/scan-with-blackduck/action.yml | 12 +++++-------
 .github/workflows/release.yml                  |  1 +
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
index 8982a214..155db70a 100644
--- a/.github/actions/build/action.yml
+++ b/.github/actions/build/action.yml
@@ -24,6 +24,10 @@ runs:
       with:
         maven-version: ${{ inputs.maven-version }}
 
+    - name: Install @sap/cds-dk
+      run: npm i -g @sap/cds-dk@9.9.1
+      shell: bash
+
     - name: Maven Build
       run: mvn clean install -DskipTests -B -ntp
       shell: bash
diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
index f862b615..71dd6ba3 100644
--- a/.github/actions/scan-with-blackduck/action.yml
+++ b/.github/actions/scan-with-blackduck/action.yml
@@ -15,6 +15,9 @@ inputs:
   maven-version:
     description: The Maven version the build shall run with.
     required: true
+  version:
+    description: The project version to report to Black Duck (e.g. release tag).
+    required: true
   scan_mode:
     description: The scan mode to use (FULL or RAPID)
     default: 'FULL'
@@ -35,12 +38,6 @@ runs:
       with:
         maven-version: ${{ inputs.maven-version }}
 
-    - name: Get Revision
-      id: get-revision
-      run: |
-        echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT
-      shell: bash
-
     - name: BlackDuck Security Scan
       uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0
       with:
@@ -50,7 +47,8 @@ runs:
         github_token: ${{ inputs.github_token }}
         detect_args: >
           --detect.project.name=com.sap.cds.feature.attachments
-          --detect.project.version.name=${{ steps.get-revision.outputs.REVISION }}
+          --detect.project.version.name=${{ inputs.version }}
+          --detect.project.group.name=CDSJAVA-OPEN-SOURCE
           --detect.included.detector.types=MAVEN
           --detect.excluded.directories=**/*test*,**/samples/**
           --detect.maven.included.modules=cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c2472375..ac2d27ce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,6 +36,7 @@ jobs:
           blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           maven-version: ${{ env.MAVEN_VERSION }}
+          version: ${{ github.event.release.tag_name }}
 
   update-version:
     needs: requires-approval