build: fix OWASP GitHub daily workflow #4357

Merged
merged 1 commit into from
May 11, 2024

shoothzj
Member

Changes

  • Removed Maven setup steps from .github/workflows/bk-ci.yml; setup-java will get Maven ready.
  • Changed the name of the daily build in .github/workflows/owasp-daily-build.yml from "JDK 21 Daily Build" to "OWASP Daily Build".
  • Added the needed param 'distribution', set to 'temurin'.

Tested on a fork repo; it works well.
https://github.com/shoothzj/bookkeeper/actions/runs/9032270409/job/24820129535

Error:  Failed to execute goal org.owasp:dependency-check-maven:9.1.0:aggregate (default) on project bookkeeper: 
Error:  
Error:  One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
Error:  
Error:  amqp-client-5.5.3.jar: CVE-2023-46120(7.5)
Error:  bc-fips-1.0.2.4.jar: CVE-2024-29857(7.5)
Error:  bcprov-jdk15on-1.64.jar: CVE-2024-29857(7.5), CVE-2024-34447(7.699999809265137)
Error:  grpc-core-1.56.0.jar: CVE-2023-44487(7.5), CVE-2023-4785(7.5), CVE-2023-33953(7.5)
Error:  grpc-protobuf-1.56.0.jar: CVE-2023-44487(7.5), CVE-2023-4785(7.5), CVE-2023-33953(7.5)
Error:  okio-3.2.0.jar: CVE-2023-3635(7.5)
Error:  plexus-cipher-2.0.jar: CVE-2022-4244(7.5)
Error:  plexus-classworlds-2.7.0.jar: CVE-2022-4244(7.5)
Error:  plexus-component-annotations-2.1.0.jar: CVE-2022-4244(7.5)
Error:  plexus-interpolation-1.26.jar: CVE-2022-4244(7.5)
Error:  plexus-sec-dispatcher-2.0.jar: CVE-2022-4244(7.5)
Error:  snakeyaml-1.19.jar: CVE-2017-18640(7.5), CVE-2022-25857(7.5)

Signed-off-by: ZhangJian He <shoothzj@gmail.com>
@shoothzj shoothzj merged commit 0f4dfcf into apache:master May 11, 2024
21 checks passed
@shoothzj shoothzj deleted the owasp-ci branch May 11, 2024 02:55
@hangc0276 hangc0276 added this to the 4.18.0 milestone May 25, 2024
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
Signed-off-by: ZhangJian He <shoothzj@gmail.com>
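
For triaging a failure like the one quoted in this pull request, the per-jar output can be inverted into a per-CVE list, which shows how many distinct advisories sit behind the failing jars. This is an added example, not code from the pull request or the project; the function names are hypothetical and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Lines copied from the dependency-check output quoted in this PR.
SAMPLE_LOG = """\
Error:  One or more dependencies were identified with vulnerabilities
Error:  amqp-client-5.5.3.jar: CVE-2023-46120(7.5)
Error:  bcprov-jdk15on-1.64.jar: CVE-2024-29857(7.5), CVE-2024-34447(7.699999809265137)
Error:  grpc-core-1.56.0.jar: CVE-2023-44487(7.5), CVE-2023-4785(7.5), CVE-2023-33953(7.5)
Error:  grpc-protobuf-1.56.0.jar: CVE-2023-44487(7.5), CVE-2023-4785(7.5), CVE-2023-33953(7.5)
Error:  plexus-cipher-2.0.jar: CVE-2022-4244(7.5)
Error:  plexus-classworlds-2.7.0.jar: CVE-2022-4244(7.5)
Error:  snakeyaml-1.19.jar: CVE-2017-18640(7.5), CVE-2022-25857(7.5)
"""

# "<artifact>.jar: CVE-...(score), ..." after the "Error:" (CI view) or
# "[ERROR]" (raw Maven) prefix.
LINE_RE = re.compile(
    r"^(?:Error:|\[ERROR\])\s+(?P<jar>\S+\.jar):\s+(?P<findings>CVE-.+)$")
FINDING_RE = re.compile(r"(CVE-\d{4}-\d{4,})\((\d+(?:\.\d+)?)\)")


def parse_findings(log_text):
    """Return {cve_id: {"score": float, "jars": sorted list}} from the log."""
    by_cve = defaultdict(lambda: {"score": 0.0, "jars": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # summary lines, empty "Error:" lines, other Maven output
        for cve, score in FINDING_RE.findall(m.group("findings")):
            entry = by_cve[cve]
            # Scores may print as raw floats (7.699999809265137); CVSS uses
            # one decimal place, so round before comparing.
            entry["score"] = max(entry["score"], round(float(score), 1))
            entry["jars"].add(m.group("jar"))
    return {cve: {"score": e["score"], "jars": sorted(e["jars"])}
            for cve, e in by_cve.items()}


def triage_report(log_text, threshold=7.0):
    """List (cve, score, jars) at or above threshold, highest score first."""
    rows = [(cve, e["score"], e["jars"])
            for cve, e in parse_findings(log_text).items()
            if e["score"] >= threshold]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for cve, score, jars in triage_report(SAMPLE_LOG):
        print(f"{cve}  {score:.1f}  {', '.join(jars)}")
```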