diff --git a/.github/workflows/Coverity-self-hosted-Incremental.yml b/.github/workflows/Coverity-self-hosted-Incremental.yml
new file mode 100644
index 00000000..d67387be
--- /dev/null
+++ b/.github/workflows/Coverity-self-hosted-Incremental.yml
@@ -0,0 +1,51 @@
+
+name: Run Coverity on Self-Hosted Agent INCREMENTAL
+on: [push]
+
+jobs:
+ synopsys_coverity:
+ name: Synopsys Coverity
+ #runs-on: ubuntu-latest
+ runs-on: self-hosted
+
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: '0'
+
+ - name: Set up JDK 1.8
+ uses: actions/setup-java@v1
+ with:
+ java-version: 1.8
+ #- name: Build with Maven
+ # run: mvn -B package --file pom.xml
+
+ - run: |
+ pwd
+ ls -a
+
+ - name: Get Changed File List
+ run: |
+ echo Getting files for changeset SHA: $GITHUB_SHA
+ git show $GITHUB_SHA --name-only --pretty=""
+ git show $GITHUB_SHA --name-only --pretty="" |tr '\n' ' '
+ export FILES=`git show $GITHUB_SHA --name-only --pretty="" |tr '\n' ' '`
+ echo File List==$FILES
+ echo "::set-env name=FILES_TO_ANALYZE::$FILES"
+
+ - name: variable test
+ run: |
+ echo $FILES_TO_ANALYZE
+
+ - name: C-R-D Setup
+ run: |
+ cov-run-desktop --setup --user admin --password SIGpass8!
+
+ - name: Run Incremental Analysis
+ run: |
+ cov-run-desktop --webapp-security --reference-snapshot latest --ignore-uncapturable-inputs true --scm git $FILES_TO_ANALYZE
+
+
+ # - name: Cov-Commit-Defects
+ # run: |
+ # cov-commit-defects --dir idir --host 52.188.212.142 --stream java-sec-code --user admin --password SIGpass8!
diff --git a/.github/workflows/Coverity-self-hosted.yml b/.github/workflows/Coverity-self-hosted.yml
new file mode 100644
index 00000000..0731bbdd
--- /dev/null
+++ b/.github/workflows/Coverity-self-hosted.yml
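Review bot: The Coverity Connect admin password is committed in clear text in the `C-R-D Setup` step (`cov-run-desktop --setup --user admin --password SIGpass8!`) and again in the commented-out `cov-commit-defects` line; once pushed it lives in git history for everyone with read access, so it has to be rotated, not merely removed. Move it to a repository secret and pass it through the step's `env:` (`COVERITY_USER: ${{ secrets.COVERITY_USER }}`, `COVERITY_PASSWORD: ${{ secrets.COVERITY_PASSWORD }}`) with `cov-run-desktop --setup --user "$COVERITY_USER" --password "$COVERITY_PASSWORD"`, and prefer a dedicated low-privilege CI account over `admin`. Separately, the `Get Changed File List` step exports `FILES_TO_ANALYZE` via `::set-env`, which GitHub disabled after the workflow-command injection issue (CVE-2020-15228); on a current runner the variable stays empty and the analysis step runs on no files, so write `echo "FILES_TO_ANALYZE=$FILES" >> "$GITHUB_ENV"` instead. Note also that `git show $GITHUB_SHA --name-only` covers only the head commit of a push, so files changed in earlier commits of a multi-commit push are never analysed.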
@@ -0,0 +1,33 @@
+
+name: Run Coverity on Self-Hosted Agent
+on: [release]
+
+jobs:
+ synopsys_coverity:
+ name: Synopsys Coverity
+ #runs-on: ubuntu-latest
+ runs-on: self-hosted
+
+ steps:
+ - uses: actions/checkout@v1
+ - name: Set up JDK 1.8
+ uses: actions/setup-java@v1
+ with:
+ java-version: 1.8
+ #- name: Build with Maven
+ # run: mvn -B package --file pom.xml
+
+ - name: Cov-Build
+ run: |
+ cov-configure -c cov-config\cov-config.xml --java
+
+ cov-build --dir idir -c cov-config\cov-config.xml --no-security-da mvn install -DskipTests
+ # cov-configure -c cov-config\cov-config.xml --javascript
+ - name: Cov-Analyze
+ run: |
+ cov-analyze --dir idir --webapp-security --disable-fb
+ # --export-summaries false
+
+ - name: Cov-Commit-Defects
+ run: |
+ cov-commit-defects --dir idir --host 52.188.212.142 --stream java-sec-code --user admin --password SIGpass8!
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 00000000..42d170ee
--- /dev/null
+++ b/.github/workflows/coverity.yml
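Review bot: The `Cov-Commit-Defects` step puts the Connect admin password on the command line (`--user admin --password SIGpass8!`), so it is exposed in the repository, in the job log's command echo, and in the process list of the self-hosted runner; rotate it and replace it with a secret, e.g. `cov-commit-defects --dir idir --host "$COVERITY_HOST" --stream java-sec-code --user "$COVERITY_USER" --password "$COVERITY_PASSWORD"` with the values supplied from `${{ secrets.* }}` through the step's `env:`, ideally using a dedicated committer account rather than `admin`. With `--host 52.188.212.142` and no TLS option the defect data is also sent in the clear to a bare IP; if the Connect instance has TLS, pass the HTTPS port/`--ssl` option per the Coverity reference and use a hostname whose certificate can be validated. The `cov-config\cov-config.xml` paths use a backslash separator; under the Linux default `bash` shell for `run:` the backslash is consumed and the path becomes `cov-configcov-config.xml`, so either this runner is Windows or the steps silently target a different file — `cov-config/cov-config.xml` is portable either way.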
@@ -0,0 +1,45 @@
+
+name: Run Coverity On Polaris
+on: [release]
+
+jobs:
+ synopsys_coverity:
+ name: Synopsys Coverity
+ #runs-on: ubuntu-latest
+ runs-on: self-hosted
+
+ steps:
+ - uses: actions/checkout@v1
+ - name: Set up JDK 1.8
+ uses: actions/setup-java@v1
+ with:
+ java-version: 1.8
+ #- name: Build with Maven
+ # run: mvn -B package --file pom.xml
+
+ - name: Download Coverity Analysis Engine
+ run: |
+ curl http://52.188.212.142:8080/downloadFile.htm?fn=cov-analysis-linux64-2020.06.tar.gz -o cov-analysis-linux64-2020.06.tar.gz -LO -u admin:SIGpass8!
+ tar -xf cov-analysis-linux64-2020.06.tar.gz
+ curl http://52.188.212.142:8080/downloadFile.htm?fn=analysis-license.dat -o license.dat -LO -u admin:SIGpass8!
+ mv license.dat ./cov-analysis-linux64-2020.06/bin
+
+ - name: Cov-Build
+ run: |
+ ./cov-analysis-linux64-2020.06/bin/cov-configure --java
+ ./cov-analysis-linux64-2020.06/bin/cov-build --dir idir mvn install
+
+ - name: Cov-Analyze
+ run: |
+ ./cov-analysis-linux64-2020.06/bin/cov-analyze --dir idir --webapp-security
+
+
+ #- name: npm install
+ # run: npm install
+
+ #- name: Synopsys Detect Action
+
+# uses: blackducksoftware/github-action@1.0.1
+ # env:
+ # BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL}}
+ # BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN}}
diff --git a/.gitignore b/.gitignore
index 2b8dab5d..18d35c78 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,11 @@ docker/
 poc/
 src/main/java/org/joychou/test/
 *.iml
-docker_jdk_build.sh
\ No newline at end of file
+docker_jdk_build.sh
+data-coverity
+.synopsys
+idir
+.classpath
+.factorypath
+.project
+.settings
\ No newline at end of file
diff --git a/BlackDuckFilesChanged.sh b/BlackDuckFilesChanged.sh
new file mode 100644
index 00000000..165ca8e2
--- /dev/null
+++ b/BlackDuckFilesChanged.sh
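Review bot: The `Download Coverity Analysis Engine` step fetches the analysis toolchain and its license over plain HTTP from `http://52.188.212.142:8080` and later steps execute those binaries with no integrity check, so anyone on the network path can substitute the tarball and get code execution on the self-hosted runner; the basic-auth credential on the `curl` command line (`-u admin:SIGpass8!`) is also visible in the job log and in `ps`, and is now in git history, so it must be rotated. Fetch over HTTPS (or at least verify a pinned digest), fail on HTTP errors so a 401/404 error page is not saved as the tarball or `license.dat`, and take the credential from a secret via `--netrc-file` or the environment: `curl -fsSL -u "admin:${COVERITY_PASSWORD}" "${COVERITY_URL}/downloadFile.htm?fn=cov-analysis-linux64-2020.06.tar.gz" -o cov-analysis-linux64-2020.06.tar.gz` followed by `echo "${COV_TARBALL_SHA256}  cov-analysis-linux64-2020.06.tar.gz" | sha256sum -c -`. The existing `-o file -LO` also mixes two output options; keep only `-o`.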
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Create arr with file extensions to trigger Black Duck scan
+
+arr=(
+"compile_commands.json"
+"Podfile.lock"
+"environment.yml"
+"Makefile.PL"
+"packrat.lock"
+"Gopkg.lock"
+"gogradle.lock"
+"go.mod"
+"vendor/vendor.json"
+"vendor.conf"
+"build.gradle"
+"build.gradle.kts"
+"rebar.config"
+"pom.xml"
+"pom.groovy"
+"package.json"
+"package-lock.json"
+"npm-shrinkwrap.json"
+"composer.lock"
+"composer.json"
+"package.xml"
+"Pipfile.lock"
+"setup.py"
+"Gemfile.lock"
+"build.sbt"
+"Package.swift"
+"yarn.lock")
+
+# Get files changed from git project
+
+OUTPUT=($(git show --name-only --oneline))
+
+echo "Looking for changed files in" $(pwd)
+
+# Check to see if any of the changed files should trigger a Black Duck scan
+
+for i in "${OUTPUT[@]}"
+do
+ for j in "${arr[@]}"
+ do
+ if [[ "$j" =~ "$i" ]]; then
+ echo "$i was changed, Black Duck scan should run"
+ exit 1
+ fi
+ done
+
+done
+
+# Check each element in array
+
+echo "No files which trigger Black Duck SCA have been found."
+exit 0
\ No newline at end of file
diff --git a/coverity.conf b/coverity.conf
new file mode 100644
index 00000000..5b0fe019
--- /dev/null
+++ b/coverity.conf
@@ -0,0 +1,14 @@
+ {
+ "type": "Coverity configuration",
+ "format_version": 1,
+ "settings": {
+ "server": {
+ "host": "52.188.212.142" // CC host name
+ },
+ "stream": "java-sec-code", // CC stream name
+ "cov_run_desktop": {
+ "build_cmd": ["mvn", "install", "-DskipTests"], // build command
+ "clean_cmd": ["mvn", "clean"] // clean command
+ }
+ }
+ }
\ No newline at end of file
diff --git a/jenkinsfile b/jenkinsfile
new file mode 100644
index 00000000..68cc810d
--- /dev/null
+++ b/jenkinsfile
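Review bot: The trigger decision in the inner loop is effectively random: `[[ "$j" =~ "$i" ]]` tests whether the trigger name (`pom.xml`) contains the changed path, which is false for any path with a directory component (`src/pom.xml`), and `OUTPUT=($(git show --name-only --oneline))` word-splits the `--oneline` summary line as well, so the abbreviated SHA and every word of the commit message are treated as changed files — a message containing "go" or "json" alone matches `go.mod` or `package.json`. Drop the summary line and compare whole names or path suffixes: `mapfile -t OUTPUT < <(git show --name-only --pretty="")` and `if [[ "$i" == "$j" || "$i" == */"$j" ]]; then`. Note also that when `git show` fails (not a repository, or a shallow clone) `OUTPUT` is empty and the script exits 0, silently skipping the SCA scan; `set -euo pipefail` at the top turns that into a visible failure, provided the caller distinguishes exit 1 (scan needed) from other non-zero codes.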
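Review bot: `"host": "52.188.212.142"` points `cov-run-desktop` at a bare IP with no port or TLS setting beside it, so unless the tool's defaults say otherwise the desktop analysis talks to Coverity Connect in the clear — consistent with the plaintext `http://…:8080` download in the workflow added by this same commit. If the server has TLS, add the corresponding `server` entries (the `server` block takes port/SSL keys in the Coverity versions I have used — confirm against the 2020.06 reference) and use a hostname whose certificate can be validated. Keep user names and passwords out of this committed file too; an auth-key file or environment variables are the right place for them.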
@@ -0,0 +1,36 @@
+pipeline {
+ agent any
+ tools {
+ maven 'maven 3.6.3'
+ }
+ stages {
+
+ stage('Get Latest Code') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('Synopsys Black Duck') {
+ steps {
+ script {
+ echo 'Files that were changed in last commit: '
+ sh 'git show --name-only --oneline'
+
+ def status = sh(returnStatus: true, script:'bash BlackDuckFilesChanged.sh')
+ if (status == 1) {
+ echo 'Starting Black Duck Scan ...'
+
+ // ToDo: Add Detect call here
+ //
+ synopsys_detect '--detect.tools=DETECTOR --detect.project.name=SPM-${JOB_NAME} --detect.project.version.name=${GIT_BRANCH}'
+ }
+ else {
+ echo 'No Changes, Black Duck scan skipped'
+ }
+
+ }
+ }
+ }
+ }
+}
diff --git a/jenkinsfile-BD b/jenkinsfile-BD
new file mode 100644
index 00000000..f9fbee1b
--- /dev/null
+++ b/jenkinsfile-BD
@@ -0,0 +1,33 @@
+pipeline {
+ agent any
+ tools {
+ //maven 'maven 3.6.3'
+ maven 'Apache Maven'
+ }
+ stages {
+
+ stage('Get Latest Code') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('Build') {
+ steps {
+ sh 'mvn -DskipTests=true install'
+ }
+ }
+
+ stage('Synopsys Black Duck') {
+ steps {
+ script {
+
+ // ToDo: Add Detect call here
+ //
+ synopsys_detect '--detect.tools=DETECTOR --detect.project.name=SPM-${JOB_NAME} --detect.project.version.name=${GIT_BRANCH}'
+
+ }
+ }
+ }
+ }
+}
diff --git a/pom.xml b/pom.xml
index 6e5c2455..9ada208f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@ war - 1.8 + 1.8 1.8
diff --git a/src/main/java/org/joychou/security/SecurityUtil.java b/src/main/java/org/joychou/security/SecurityUtil.java
index ee962846..b565ede1 100644
--- a/src/main/java/org/joychou/security/SecurityUtil.java
+++ b/src/main/java/org/joychou/security/SecurityUtil.java
@@ -14,7 +14,8 @@ import java.util.ArrayList; import java.util.regex.Pattern; - +//sean comment!! +// second edit. public class SecurityUtil { private static final Pattern FILTER_PATTERN = Pattern.compile("^[a-zA-Z0-9_/\\.-]+$");
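Review bot: The gate in the `Synopsys Black Duck` stage fails open: only `status == 1` starts the scan, so any other failure of `bash BlackDuckFilesChanged.sh` — script not found (127), a `git show` error, a bash syntax error (2) — drops into the `else` branch and logs `No Changes, Black Duck scan skipped`. Treat 0 as skip, 1 as scan and anything else as a pipeline error, e.g. replace the `else` with `} else if (status == 0) { echo 'No Changes, Black Duck scan skipped' } else { error("BlackDuckFilesChanged.sh failed with exit code ${status}") }`. Also, `${JOB_NAME}` and `${GIT_BRANCH}` sit inside a single-quoted Groovy string, which Groovy does not interpolate; unless the `synopsys_detect` step expands environment references itself (not visible from here), Detect receives the literal placeholders as project name and version, so a double-quoted string or `env.JOB_NAME` removes the ambiguity.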
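Review bot: The `Build` stage runs `mvn -DskipTests=true install` on `agent any`, which writes this branch's artifacts into the local `~/.m2` repository of whichever agent picks up the job; on a shared agent other jobs then resolve those unreviewed artifacts in place of the ones from the release repository. For a pipeline whose only consumer is the Detect scan, `sh 'mvn -DskipTests=true package'` (or `verify`) is sufficient and leaves the local repository untouched. The Detect call carries the same single-quoted `${JOB_NAME}`/`${GIT_BRANCH}` placeholders as `jenkinsfile`; Groovy will not expand them, so either confirm the `synopsys_detect` step does or switch to a double-quoted string.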