Update bundle version to 11.94.2 and Add RUNE_JSON ingest sample #51
Workflow file for this run
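# Scans the Maven modules for dependencies with known CVEs using OWASP
# Dependency-Check and uploads the HTML report as a workflow artifact.
name: Demo Model CVE Scanning

on:
  push:
    branches:
      - master
    paths: &monitored-files
      - '**/pom.xml' # Monitor all POM files
      - '.github/workflows/cve-scanning.yml'
  pull_request:
    paths: *monitored-files

# One active run per pull request (or per ref for pushes); a newer run
# cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Least privilege: only the two scopes the steps below need.
permissions:
  id-token: write # Required for Workload Identity Federation
  contents: read # Required for actions/checkout

env:
  JAVA_VERSION: '21' # Match the project's compiler version

jobs:
  cve-security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          # No later step pushes or fetches, so do not leave the job token
          # in the checked-out repository's git config where the Maven
          # build (which runs project and plugin code) could read it.
          persist-credentials: false

      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'

      # Keyless login through the OIDC token granted by `id-token: write`.
      - name: Authenticate to Google Cloud
        uses: 'google-github-actions/auth@v3'
        with:
          project_id: production-208613
          workload_identity_provider: projects/211964611435/locations/global/workloadIdentityPools/artifact-registry/providers/github-actions-rosetta-models

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Cache Maven dependencies
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      # Installs the project's own modules into ~/.m2 so the scanner can
      # resolve them; tests are skipped.
      - name: Build modules to populate local repo (no tests)
        run: mvn -B -ntp -U -DskipTests install

      # NOTE(review): `@main` is a mutable branch ref on a third-party
      # action, and this job holds `id-token: write` and passes the OSS
      # Index credentials to it. Pin to a reviewed full-length commit SHA
      # and let the dependency-update tooling bump it.
      # NOTE(review): the credentials are expanded into the argument
      # string; confirm the action does not echo its arguments.
      - name: CVE scanning
        uses: dependency-check/Dependency-Check_Action@main
        env:
          JAVA_HOME: /opt/jdk
        with:
          project: 'Demo'
          path: '.'
          format: 'HTML'
          out: 'reports'
          # --failOnCVSS 7 fails this step when a finding scores 7 or above;
          # allow-list.xml holds the reviewed suppressions.
          args: >
            --suppression allow-list.xml
            --failOnCVSS 7
            --centralUrl https://central.sonatype.com/solrsearch/select
            --ossIndexUsername ${{ secrets.OSSINDEX_USERNAME }}
            --ossIndexPassword ${{ secrets.OSSINDEX_TOKEN }}

      # Must run even when the scan step fails: a failed scan is exactly
      # the case in which the report is needed. Without this condition the
      # step is skipped as soon as --failOnCVSS trips.
      - name: Upload results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: CVE Scan Report ${{ strategy.job-index }}
          path: ${{github.workspace}}/reports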