ci: vulnerability-scanning for both jar and war

GIScience · Feb 1, 2024 · 3c53052 · 3c53052
1 parent ab2c3b1
commit 3c53052
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/vulnerability-scanning.yml b/.github/workflows/vulnerability-scanning.yml
@@ -54,8 +54,10 @@ jobs:
       - name: Build war file
         run: |
           mvn -B package -DskipTests -DCI=true
-          # Copy the .war file to a custom location where grype can find it
+          # Copy the .jar file to a custom location where grype can find it
           mkdir -p ors-api/target/grype
+          cp ors-api/target/ors.jar ors-api/target/grype/ors.jar
+          mvn -B package -DskipTests -PbuildWar -DCI=true
           cp ors-api/target/ors.war ors-api/target/grype/ors.war
       - name: Run the Anchore Grype scan action to console
         uses: anchore/scan-action@v3