vuu/.github/workflows/cve-scanning.yml at 9b294a87c6b09ba0a7befbfa72c574acfb6c28d1 · finos/vuu · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
name: Maven CVE Scanning

on:
  push:
    paths:
      - "**/pom.xml"
      - "allow-list.xml"
      - ".github/workflows/cve-scanning.yml"

jobs:
  depchecktest:
    runs-on: ubuntu-latest
    name: depecheck_test
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Build project with Maven
        run: mvn clean install
      - name: Depcheck
        uses: dependency-check/Dependency-Check_Action@78155aab85e9867e3c35f533e9ddad8ba7cdad7b # v2
        id: Depcheck
        with:
          project: "vuu"
          path: "./vuu"
          format: "HTML"
          out: "reports" # this is the default, no need to specify unless you wish to override it
          args: >
            --failOnCVSS 5
            --enableRetired
      - name: Upload Test results
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: Depcheck report
          path: ${{ github.workspace }}/reports