Skip to content

OWASP dependency scanner #64

OWASP dependency scanner

OWASP dependency scanner #64

Workflow file for this run

name: "OWASP dependency scanner"
on:
workflow_dispatch: # Additionally allow to trigger manually
push:
branches: main
paths-ignore:
- '**/*.md'
- '**/*.txt'
pull_request:
branches: main
paths:
- '**/pom.xml'
- 'pom.xml'
- '.config/owasp-suppressions.xml'
schedule:
- cron: '0 0 * * *' # Once a day
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
name: owasp-check
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: run maven owasp plugin
run: mvn --batch-mode clean package dependency-check:aggregate -Pdependency-check -DskipTests
- name: upload results
if: always()
uses: actions/upload-artifact@v4
with:
path: 'target/dependency-check-report.html'