Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : SAST
2+ on :
3+ push :
4+ branches :
5+ - main
6+ pull_request :
7+ branches :
8+ - main
9+ schedule :
10+ - cron : ' 45 6 * * *'
11+ jobs :
12+ buildmavenDepTree :
13+ runs-on : ubuntu-latest
14+ steps :
15+ - name : Checkout code
16+ uses : actions/checkout@v4
17+ - name : Set up JDK 11
18+ uses : actions/setup-java@v4
19+ with :
20+ java-version : ' 11'
21+ distribution : ' temurin'
22+ cache : ' maven'
23+ - name : Generate dependency tree
24+ run : |
25+ find . -name "pom.xml" -execdir mvn -q dependency:tree -DoutputFile=maven_dep_tree.txt -Dmaven.test.skip=true \;
26+ - name : Create zip with all dependency trees
27+ run : find . -type f -name 'maven_dep_tree.txt' -exec zip -r deptree.zip {} +
28+ - name : Upload zip
29+ uses : actions/upload-artifact@v4
30+ with :
31+ name : deptree
32+ path : deptree.zip
33+ sast :
34+ needs : buildmavenDepTree
35+ name : sast
36+ runs-on : ubuntu-latest
37+ permissions :
38+ contents : read
39+ env :
40+ SEMGREP_APP_TOKEN : ${{ secrets.SEMGREP_APP_TOKEN }}
41+ container :
42+ image : semgrep/semgrep
43+ if : (github.actor != 'dependabot[bot]')
44+ steps :
45+ - name : Checkout code
46+ uses : actions/checkout@v4
47+ - name : Download Maven Dependencies
48+ uses : actions/download-artifact@v4
49+ with :
50+ name : deptree
51+ - name : Extract zip and run Semgrep
52+ run : |
53+ unzip -o deptree.zip
54+ semgrep ci > /dev/null 2>&1 || exit $?
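Review bot: The `buildmavenDepTree` job declares no `permissions:` block, so its GITHUB_TOKEN inherits the workflow/repository default scope (which may be read-write depending on repo settings), while only the `sast` job restricts itself to `contents: read`; the build job only checks out, runs Maven and uploads an artifact, so the same restriction belongs there too, e.g. add `permissions:` / `  contents: read` under `runs-on: ubuntu-latest`. The final step `semgrep ci > /dev/null 2>&1 || exit $?` discards both stdout and stderr, so an authentication, network or rule-loading failure leaves nothing in the job log to diagnose, and `|| exit $?` is redundant because the default `run` shell already exits on the first failing command; consider `semgrep ci` alone, or at least keep stderr visible. `container.image: semgrep/semgrep` floats on the image's default tag and the actions are pinned only to major tags (`@v4`), so pinning the image to a specific version or digest (and the actions to a commit SHA) would make scans reproducible and narrow the supply-chain surface. On `pull_request` events from forks `secrets.SEMGREP_APP_TOKEN` is empty, which the `if:` guard does not cover, so such runs will presumably fail or behave differently — worth confirming against Semgrep's documented behaviour and guarding on the token explicitly. Whether `unzip` is present in the `semgrep/semgrep` image is not visible here and should be verified, since the extract step depends on it.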