From f1e4bf04527f6834061841dcb85daf22b0c89584 Mon Sep 17 00:00:00 2001
From: Wattachai Kanawitoon <117723407+wattachai-lseg@users.noreply.github.com>
Date: Thu, 10 Aug 2023 15:13:27 +0700
Subject: [PATCH] fix: pin npm as the only blackduck scan detector

---
 .github/workflows/blackduck_scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/blackduck_scan.yml b/.github/workflows/blackduck_scan.yml
index affb562544..aa6126d13d 100644
--- a/.github/workflows/blackduck_scan.yml
+++ b/.github/workflows/blackduck_scan.yml
@@ -47,4 +47,4 @@ jobs:
           --blackduck.api.token="${{ secrets.BLACKDUCK_APP_TOKEN }}" \
           --blackduck.url="${{ vars.BLACKDUCK_URL }}" \
           --blackduck.trust.cert=true \
-          --detect.lerna.path="./node_modules/.bin/lerna" # make sure blackduck use lerna from npm package rather than shell one
+          --detect.accuracy.required="NPM" # lerna fails to detect dependencies and list them as BOM on blackduck