
v2.136.0 changelog update #2002


Workflow file for this run

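# Static analysis workflow. The first job resolves the Maven dependency trees
# and publishes them as an artifact; the second job unpacks that artifact and
# runs `semgrep ci` inside the Semgrep container.
name: SAST

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  schedule:
    # Daily at 06:45 (GitHub evaluates cron schedules in UTC).
    - cron: '45 6 * * *'

# Workflow-wide default: the GITHUB_TOKEN is read-only. Without this block a
# job that declares no permissions inherits the repository default, which may
# be read/write.
permissions:
  contents: read

jobs:
  buildmavenDepTree:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
        with:
          # `audit` only records outbound connections; nothing is blocked.
          # Once the baseline is known, `block` plus an allow-list enforces it.
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          # The following steps execute Maven against pom.xml files taken from
          # the checked-out ref (including pull-request content), so the token
          # is not left behind in .git/config for them to read.
          persist-credentials: false
      - name: Set up JDK 11
        uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
        with:
          java-version: '11'
          distribution: 'temurin'
          cache: 'maven'
      - name: Generate dependency tree
        # Runs once per pom.xml, in that file's directory. Tests are skipped;
        # plugins declared in the POMs still run.
        run: |
          find . -name "pom.xml" -execdir mvn -q dependency:tree -DoutputFile=maven_dep_tree.txt -Dmaven.test.skip=true \;
      - name: Create zip with all dependency trees
        run: find . -type f -name 'maven_dep_tree.txt' -exec zip -r deptree.zip {} +
      - name: Upload zip
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: deptree
          path: deptree.zip

  sast:
    needs: buildmavenDepTree
    name: sast
    runs-on: ubuntu-latest
    permissions:
      contents: read
    container:
      # NOTE(review): no tag or digest, so this resolves to a mutable `latest`
      # image, unlike the SHA-pinned actions in this file. Pin it, e.g.
      # semgrep/semgrep@sha256:<DIGEST_PLACEHOLDER>, and update it deliberately.
      image: semgrep/semgrep
    # Dependabot-triggered runs do not receive repository secrets, so the
    # Semgrep token would be empty there. The same holds for pull requests
    # from forks, which this condition does not filter out.
    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Checkout code
        # NOTE(review): `persist-credentials: false` is not set here because
        # `semgrep ci` may need to fetch the base ref for diff-aware scans.
        # Confirm, and disable credential persistence if it is not needed.
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
      - name: Download Maven Dependencies
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: deptree
      - name: Extract zip and run Semgrep
        # The token is scoped to the one step that uses it instead of being
        # exported to every step of the job.
        env:
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
        # stdout and stderr are discarded, so the job log shows only the exit
        # status; presumably the findings are read in the Semgrep platform.
        # A failing scan therefore has to be diagnosed there, not from this log.
        run: |
          unzip -o deptree.zip
          semgrep ci > /dev/null 2>&1 || exit $?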