Skip to content

Commit

Permalink
dependency-check
Browse files Browse the repository at this point in the history
  • Loading branch information
133tosakarin committed Dec 3, 2024
1 parent 68daea6 commit 56f98f2
Showing 1 changed file with 56 additions and 0 deletions.
56 changes: 56 additions & 0 deletions .github/workflows/vulnerability-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: vulnerability-check
on:
schedule:
# Run at UTC 00:00 every week (CST 03:00 AM)
- cron: '0 0 * * 3'
push:
branches:
- master
pull_request:
branches:
- master

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
MAVEN_ARGS: --batch-mode --no-transfer-progress
DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}

jobs:
dependency-check:
strategy:
fail-fast: false
max-parallel: 15
matrix:
java: [ 17 ]
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}

steps:
- uses: actions/checkout@v4
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: ${{ matrix.java }}
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-
- name: Do the dependency-check:check
shell: bash
run: mvn org.owasp:dependency-check-maven:check
- name: Do the dependency-check:aggregate
shell: bash
run: mvn org.owasp:dependency-check-maven:aggregate
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: vulnerability-check-result${{ matrix.java }}-${{ runner.os }}
path: target/dependency-check-report.html
retention-days: 15

0 comments on commit 56f98f2

Please sign in to comment.