Security vulnerability scan #730

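# Scheduled dependency vulnerability scan for the Go, Node and Java code.
# Each scanner is invoked through a `make scan-*` target and runs as its own
# job or matrix entry, so a failure in one scanner does not stop the others.
#
# NOTE(review): every `uses:` below references a mutable major-version tag
# (@v4, @v5). Pinning each action to a full commit SHA would keep a retagged
# release from silently changing what this workflow executes.
name: "Security vulnerability scan"

on:
  schedule:
    # Nightly at 23:20 (GitHub evaluates cron schedules in UTC).
    - cron: "20 23 * * *"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository.
# Without this block the token inherits the repository/organisation default,
# which may include write scopes that the third-party scanners never need.
permissions:
  contents: read

jobs:
  go:
    runs-on: ubuntu-latest
    strategy:
      # Let every scanner report, even when another one finds something.
      fail-fast: false
      matrix:
        target:
          - govulncheck
          - nancy
          - osv-scanner
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable
          # Resolve the newest stable release instead of a cached toolchain.
          check-latest: true
      - name: Scan
        # matrix.target only ever takes a value from the static list above, so
        # expanding it inside the shell command is not attacker-influenced.
        run: make scan-go-${{ matrix.target }}

  node:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        target:
          - npm-audit
          - osv-scanner
    steps:
      - uses: actions/checkout@v4
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
      - name: Set up Go
        # Only the osv-scanner entry gets a Go toolchain; presumably the make
        # target runs or installs osv-scanner through Go (confirm in the
        # Makefile).
        if: ${{ matrix.target == 'osv-scanner' }}
        uses: actions/setup-go@v5
        with:
          go-version: stable
      - name: Scan
        run: make scan-node-${{ matrix.target }}

  java_osv_scanner:
    name: "java (osv-scanner)"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable
      - name: Scan
        run: make scan-java-osv-scanner

  java_dependency_check:
    name: "java (dependency-check)"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          # Quoted so the version is always passed as a string.
          java-version: "21"
          distribution: temurin
          # NOTE(review): this also caches ~/.m2/repository, the same path the
          # explicit restore/save steps below manage; confirm both are wanted.
          cache: maven
      - name: Get Date
        id: get-date
        shell: bash
        # Hour-granular UTC timestamp used as part of the cache key below.
        # The redirect target is quoted so the path is never word-split.
        run: echo "datetime=$(/bin/date -u '+%Y%m%d%H')" >> "$GITHUB_OUTPUT"
      - name: Restore cached Maven dependencies
        uses: actions/cache/restore@v4
        with:
          path: ~/.m2/repository
          # The datetime is part of the key because the OWASP vulnerability
          # database may change without pom.xml changing.
          key: ${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}-${{ hashFiles('**/pom.xml') }}
          # Fallbacks: same hour with a different pom hash, then any earlier
          # Maven cache for this OS.
          restore-keys: |
            ${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}
            ${{ runner.os }}-maven-
      - name: Scan
        env:
          # The secret is exposed to this step only, not to the whole job.
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: make scan-java-dependency-check
      - name: "Archive dependency-check report"
        # Runs after a failed scan too, so the findings are still available.
        # The report lists vulnerable dependencies; anyone who can download
        # this run's artifacts can read it.
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-report
          path: java/target/dependency-check-report.html
      - name: Cache Maven dependencies
        # Saved even when the scan step failed, under the same key that the
        # restore step computed.
        if: ${{ !cancelled() }}
        uses: actions/cache/save@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}-${{ hashFiles('**/pom.xml') }}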