add sonatype

pfi79 · pfi79 · commit 269cb56c91dd · 2025-04-11T01:12:16.000+03:00
Signed-off-by: Fedor Partanskiy &lt;fredprtnsk@gmail.com&gt;
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -64,3 +64,24 @@ jobs:
           go-version-file: go.mod
       - name: Scan
         run: go run github.com/google/osv-scanner/v2/cmd/osv-scanner@latest scan --lockfile=go.mod || (( $? > 1 && $? < 127 ))
+
+  sonatype:
+    if: github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository == 'hyperledger/fabric')
+    runs-on: ${{ github.repository == 'hyperledger/fabric' && 'fabric-ubuntu-22.04' || 'ubuntu-22.04' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ref:
+          - main
+          - release-2.5
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ matrix.ref }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.24.2
+      - run: go list -json -deps ./... > go.list
+      - uses: sonatype-nexus-community/nancy-github-action@v1.0.3
+#        with:
+#          nancyCommand: 'sleuth --exclude-vulnerability CVE-2023-42319,CVE-2022-37450'
