add a GitHub action for PRs to check for vulnerabilities

Alexander Pann · Alexander Pann · commit eb4a80f0d8eb · 2024-12-05T18:43:21.000+01:00
diff --git a/.github/workflows/vulnerability-scanning.yml b/.github/workflows/vulnerability-scanning.yml
@@ -0,0 +1,33 @@
+on: [pull_request]
+
+jobs:
+  depchecktest:
+    runs-on: ubuntu-latest
+    name: depecheck_test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - name: Setup Java
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4
+      - name: Call setup
+        run: ./gradlew dependencies
+      - name: Depcheck
+        uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
+        env:
+          # actions/setup-java changes JAVA_HOME, so it needs to be reset to match the depcheck image
+          JAVA_HOME: /opt/jdk
+        id: Depcheck
+        with:
+          project: 'iets3.opensource'
+          format: 'HTML'
+          out: 'reports'
+      - name: Upload Test results
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
+        with:
+           name: Depcheck report
+           path: ${{github.workspace}}/reports
