Skip to content

Merge pull request #260 from gdcc/renovate/major-sonar.version #819

Merge pull request #260 from gdcc/renovate/major-sonar.version

Merge pull request #260 from gdcc/renovate/major-sonar.version #819

name: OWASP Security Scan
on:
push:
branches:
- branch-5.0
schedule:
# Note: "*" is a special character in YAML so you have to quote this string
# Every Mon-Fri at 6am UTC
- cron: '0 6 * * 1-5'
jobs:
scan:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Scan with OWASP
run: mvn -B -Powasp compile dependency-check:check -pl '!report,!xoai-data-provider-tck'
- name: Upload scan results as SARIF report to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3
if: always() # do not skip this step if OWASP fails the mvn build
with:
sarif_file: target/dependency-check-report.sarif