Black Duck integration and added config to run bundle install to generate lock file at runtime

[sanjain-progress]

This pull request introduces a new GitHub Actions workflow stub for CI on the main branch and significantly enhances the SonarQube configuration for the repository. The changes focus on improving CI/CD automation and providing a more comprehensive and maintainable SonarQube analysis setup.

CI/CD Workflow Enhancements:

• Added a new workflow file .github/workflows/ci-main-pull-request-stub-1.0.7.yml that serves as a stub to call a common GitHub Action for CI checks on pull requests and pushes to the main and release/** branches. This workflow:
  • Detects custom repository properties (like application name, build language, and build profile) using the GitHub API and outputs them for downstream jobs.
  • Calls a shared workflow (ci-main-pull-request.yml) with a wide range of configurable inputs for build, test, security scanning, packaging, and reporting, supporting advanced features like SonarQube, BlackDuck, Polaris, and SBOM generation.

Description

Related Issue

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

• I have read the CONTRIBUTING document.
• I have run the pre-merge tests locally and they pass.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
• All new and existing tests passed.
• All commits have been signed-off for the Developer Certificate of Origin.