Skip to content

chore(deps): update dependency org.kordamp.maven:pomchecker-maven-plugin to v1.14.0 #322

chore(deps): update dependency org.kordamp.maven:pomchecker-maven-plugin to v1.14.0

chore(deps): update dependency org.kordamp.maven:pomchecker-maven-plugin to v1.14.0 #322

name: Pull Request Verification and Security Scan
on:
pull_request:
jobs:
verify:
runs-on: ubuntu-latest
strategy:
matrix:
java: [17]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'adopt'
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build, test, verify and send to Sonarcloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B -Pcoverage -Djdk.version=${{ matrix.java }} verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- name: Scan with OWASP
if: always() # do not skip this step if Sonarcloud/verify fails the mvn build
run: mvn -B -Powasp dependency-check:check
- name: Upload scan results as SARIF report to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3
if: always() # do not skip this step if OWASP fails the mvn build
with:
sarif_file: target/dependency-check-report.sarif