Merge pull request #301 from finos/josspo-patch-1 #476

	name: CVE Scanning for Gradle

	on:
	push:

	jobs:
	depchecktest:
	runs-on: ubuntu-latest
	name: depecheck_test
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	- name: Build project with Gradle
	run: gradle clean build
	working-directory: gradle
	- name: Depcheck
	uses: dependency-check/Dependency-Check_Action@1b5d19fd4a32ff0ff982e8c9d8e27dbf7ac8a46c
	id: Depcheck
	with:
	project: 'gradle'
	path: 'gradle'
	format: 'HTML'
	out: 'reports' # this is the default, no need to specify unless you wish to override it
	args: >
	--suppression ./gradle/allow-list.xml
	--failOnCVSS 5
	--enableRetired
	--exclude **/gradle-0.0.1.jar

	- name: Upload Test results
	if: ${{ always() }}
	uses: actions/upload-artifact@v2
	with:
	name: Depcheck report
	path: ${{ github.workspace }}/reports

Provide feedback