CVE Scanning for Maven Projects #863

	name: CVE Scanning for Maven Projects

	permissions:
	contents: read

	on:
	workflow_dispatch:
	schedule:
	- cron: '0 8,18 * * 1-5'
	push:
	paths:
	- '**/pom.xml'
	- '.github/workflows/maven-cve-ignore-list.xml'
	- '.github/workflows/cve-scanning-maven.yml'
	pull_request:
	paths:
	- '**/pom.xml'
	- '.github/workflows/maven-cve-ignore-list.xml'
	- '.github/workflows/cve-scanning-maven.yml'

	jobs:
	depchecktest:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	java-version: ['21']
	module-folder: ['calm-hub']
	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6

	- name: Setup JDK
	uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
	with:
	java-version: ${{ matrix.java-version }}
	cache: maven
	distribution: 'adopt'

	- name: Build and run dependency check with Maven
	run: mvn -U clean verify -DskipTests -P dependency-check
	working-directory: ${{ matrix.module-folder }}
	env:
	NVD_API_KEY: ${{ secrets.NVD_API_KEY }}

	- name: Upload Test results
	if: ${{ always() }}
	uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
	with:
	name: Depcheck report ${{ github.job }} ${{ matrix.module-folder }}
	path: ${{ github.workspace }}/${{ matrix.module-folder }}/target/dependency-check-report.*

Provide feedback