MLE-22024: Add BlackDuck scan for latest images

[rwinieski]

Description

Checklist:

• Owner:

• JIRA_ID as part of branch/PR name

• Rebase the branch with upstream

• Squashed all commits into a single commit

• Added Tests

• Reviewer:

• Reviewed Tests

• Added to Release Wiki/Jira

[Copilot]

Pull Request Overview

This PR adds a dedicated BlackDuck security scan for Docker images built on the master branch by defining a new scan function and integrating it into the pipeline.

• Introduces masterBranchBlackDuckScan() function to run, archive, and notify on detailed BlackDuck scans
• Updates the existing develop-stage BlackDuck scan to skip master builds
• Adds a new Master-BlackDuck-Scan stage that invokes the comprehensive scan on master

[Copilot]

[nitpick] Consider cleaning or removing any existing blackduck-scan-results directory before creating it (e.g., rm -rf blackduck-scan-results && mkdir -p blackduck-scan-results) to avoid stale artifacts from previous runs.

Suggested change

	sh "mkdir -p blackduck-scan-results"
	sh "rm -rf blackduck-scan-results && mkdir -p blackduck-scan-results"

[Copilot]

[nitpick] The BlackDuck URL (and similarly the project name later) is hardcoded in multiple places; extract these values into variables or parameters at the top of the script to reduce duplication and simplify future updates.

Suggested change

	export BLACKDUCK_URL='https://progresssoftware.app.blackduck.com'
	export BLACKDUCK_API_TOKEN='${BLACKDUCK_TOKEN}'
	# Run detect script for Docker image scan
	curl -s -L https://detect.synopsys.com/detect8.sh | bash -s -- \
	--blackduck.trust.cert=true \
	--detect.tools=DOCKER \
	--detect.project.name='MarkLogic-Docker-Images' \
	export BLACKDUCK_URL='${blackDuckURL}'
	export BLACKDUCK_API_TOKEN='${BLACKDUCK_TOKEN}'
	# Run detect script for Docker image scan
	curl -s -L https://detect.synopsys.com/detect8.sh | bash -s -- \
	--blackduck.trust.cert=true \
	--detect.tools=DOCKER \
	--detect.project.name='${blackDuckProjectName}' \