OWASP dependency scanner #141

	name: "OWASP dependency scanner"

	on:
	workflow_dispatch: # Additionally allow to trigger manually

	push:
	branches: main
	paths-ignore:
	- '*/.md'
	- '*/.txt'
	pull_request:
	branches: main
	paths:
	- '**/pom.xml'
	- 'pom.xml'
	- '.config/owasp-suppressions.xml'
	schedule:
	- cron: '0 0 * * *' # Once a day

	jobs:
	analyze:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read

	name: owasp-check
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: run maven owasp plugin
	run: mvn --batch-mode clean package dependency-check:aggregate -Pdependency-check -DskipTests

	- name: upload results
	if: always()
	uses: actions/upload-artifact@v4
	with:
	path: 'target/dependency-check-report.html'

Provide feedback