
Merge pull request #178 from gdcc/renovate/spotless.version


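---
# OWASP Dependency-Check run against the Maven build, with the SARIF report
# uploaded to the repository's Security tab (Code scanning alerts).
name: OWASP Security Scan

on:
  push:
    branches:
      - branch-5.0
  schedule:
    # Note: "*" is a special character in YAML so you have to quote this string
    # Every Mon-Fri at 6am UTC
    - cron: '0 6 * * 1-5'

jobs:
  scan:
    runs-on: ubuntu-latest
    # Declaring any permission sets every undeclared one to `none`, so the job
    # token is scoped to exactly what the steps below need.
    permissions:
      contents: read          # actions/checkout
      actions: read           # upload-sarif; only required on private repositories
      security-events: write  # upload-sarif
    steps:
      # Action refs below are mutable tags (`@v3`, `@v2`). Pinning each `uses:`
      # to a full commit SHA, with the tag kept in a trailing comment, makes the
      # workflow's supply chain reproducible and is what most scanners expect.
      - uses: actions/checkout@v3

      - name: Set up Maven Central Repository
        uses: actions/setup-java@v3
        with:
          # Quoted on purpose: a bare 11 would parse as an integer.
          java-version: '11'
          distribution: 'adopt'

      - name: Cache Maven packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          # Cache key changes whenever any pom.xml changes; the restore key
          # falls back to the most recent cache for this runner OS.
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Scan with OWASP
        # The `owasp` profile and excluded modules come from the project's pom;
        # dependency-check:check fails the build when a finding exceeds the
        # profile's configured threshold, which the upload step below tolerates.
        run: mvn -B -Powasp compile dependency-check:check -pl '!report,!xoai-data-provider-tck'

      - name: Upload scan results as SARIF report to GitHub Security Tab
        uses: github/codeql-action/upload-sarif@v2
        if: always() # do not skip this step if OWASP fails the mvn build
        with:
          sarif_file: target/dependency-check-report.sarif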