OWASP Security Scan #891
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OWASP Security Scan | |
on: | |
push: | |
branches: | |
- branch-5.0 | |
schedule: | |
# Note: "*" is a special character in YAML so you have to quote this string | |
# Every Mon-Fri at 6am UTC | |
- cron: '0 6 * * 1-5' | |
jobs: | |
scan: | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Maven Central Repository | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Scan with OWASP | |
run: mvn -B -Powasp compile dependency-check:check -pl '!report,!xoai-data-provider-tck' | |
- name: Upload scan results as SARIF report to GitHub Security Tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() # do not skip this step if OWASP fails the mvn build | |
with: | |
sarif_file: target/dependency-check-report.sarif |