Skip to content

DPSTAT-1397 updating build for trivy #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
salma-tfb merged 12 commits into from
Jan 26, 2026
Merged

DPSTAT-1397 updating build for trivy #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
fce0209
DPSTAT-1397 updating build for trivy
salma-tfb Jan 22, 2026
8e86b99
Merge branch 'master' into DPSTAT-1397-trivy-scanning
salma-tfb Jan 23, 2026
ef04442
DPSTAT-1397 updating build for trivy with master configuration
salma-tfb Jan 23, 2026
fc57377
DPSTAT-1397 remove skip set up failing the build
salma-tfb Jan 23, 2026
9972a2a
DPSTAT-1397 changes after PR
salma-tfb Jan 23, 2026
7596082
DPSTAT-1397 udpated from ssb bip to gar
salma-tfb Jan 23, 2026
e145466
DPSTAT-1397 upgrading 2 high vulnerability libraries
salma-tfb Jan 23, 2026
7f0b5a7
DPSTAT-1397 reverting the change of profile
salma-tfb Jan 23, 2026
8172c32
DPSTAT-1397 change of profile to ssb-gar
salma-tfb Jan 23, 2026
18606a4
DPSTAT-1397 moving google authentication sequence for failed build
salma-tfb Jan 23, 2026
e68b5ea
Merge branch 'master' into DPSTAT-1397-trivy-scanning
salma-tfb Jan 26, 2026
2ab0897
DPSTAT-1397 changing profile to ssb-gar
salma-tfb Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 32 additions & 4 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
permissions:
contents: read
id-token: write

security-events: write
steps:
- uses: actions/checkout@v3

Expand All @@ -33,10 +33,38 @@ jobs:
service_account: "gh-actions-dapla-pseudo@artifact-registry-5n.iam.gserviceaccount.com"
token_format: access_token

- name: Build with Maven
run: mvn --batch-mode -P ssb-gar package

- name: Fail build on High/Critical Vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'table'
scan-ref: '.'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 1

- name: Run Trivy vulnerability scanner (SARIF for reporting)
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
skip-setup-trivy: true

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: 'trivy-results.sarif'

- name: Build and test with Maven
if: github.event_name == 'pull_request'
run: mvn --batch-mode -P ssb-bip clean test
run: mvn --batch-mode -P ssb-gar clean test

- name: Build with Maven and deploy to Artifact Registry
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
run: mvn --batch-mode -P ssb-bip deploy -Dmaven.javadoc.skip=true
if: github.event_name == 'push' && github.ref == 'refs/heads/master' && success()
run: mvn --batch-mode -P ssb-gar deploy -Dmaven.javadoc.skip=true
11 changes: 9 additions & 2 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
<dapla-dlp-pseudo-func.version>1.3.3</dapla-dlp-pseudo-func.version>
<guava.version>32.0.0-jre</guava.version>
<jsonassert.version>1.5.1</jsonassert.version>
<logback.version>1.4.6</logback.version>
<logback.version>1.4.12</logback.version>
<lombok.version>1.18.30</lombok.version>
<micronaut.version>4.3.7</micronaut.version>
<micronaut.validation.version>4.4.0</micronaut.validation.version>
Expand All @@ -27,6 +27,7 @@
<univocity-parsers.version>2.9.1</univocity-parsers.version>
<zip4j.version>2.11.5</zip4j.version>
<caffeine.version>3.2.2</caffeine.version>
<protobuf.version>3.25.5</protobuf.version>

<!-- Plugin/extension versions -->
<artifactregistry-maven-wagon.version>2.1.4</artifactregistry-maven-wagon.version>
Expand Down Expand Up @@ -134,6 +135,12 @@
<artifactId>tika-core</artifactId>
<version>${tika.version}</version>
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>${protobuf.version}</version>
</dependency>

<dependency>
<groupId>net.lingala.zip4j</groupId>
<artifactId>zip4j</artifactId>
Expand Down Expand Up @@ -381,7 +388,7 @@
</build>
</profile>
<profile>
<id>ssb-bip</id>
<id>ssb-gar</id>
<distributionManagement>
<repository>
<id>artifact-registry</id>
Expand Down
Loading