Skip to content

OWASP Security Scan #946

OWASP Security Scan

OWASP Security Scan #946

name: OWASP Security Scan
on:
push:
branches:
- main
schedule:
# Note: "*" is a special character in YAML so you have to quote this string
# Every Mon-Fri at 6am UTC
- cron: '0 6 * * 1-5'
jobs:
scan:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Scan with OWASP
run: mvn -B -Powasp dependency-check:check
- name: Upload scan results as SARIF report to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3
if: always() # do not skip this step if OWASP fails the mvn build
with:
sarif_file: target/dependency-check-report.sarif