-
Notifications
You must be signed in to change notification settings - Fork 1
43 lines (35 loc) · 1.44 KB
/
owasp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: OWASP Dependency Check
on: [pull_request, workflow_dispatch]
jobs:
owasp:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get Date
id: get-date
run: |
echo "datetime=$(/bin/date -u "+%Y%m%d%H")" >> $GITHUB_OUTPUT
shell: bash
- name: Restore cached Maven dependencies
uses: actions/cache/restore@v4
with:
path: ~/.m2/repository
# Using datetime in cache key as OWASP database may change, without the pom changing
key: ${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}
${{ runner.os }}-maven-
- name: Set up JDK 22
uses: oracle-actions/setup-java@v1
with:
website: jdk.java.net
release: 22
- name: Run Maven
run: ./mvnw clean dependency-check:check -DnvdApiKey=${{ secrets.NVD_API_KEY }} -DnvdApiDelay=6000
# Want the Maven dependencies to be cached even if the build fails as we want the OWASP database cached, regardless of whether vulnerabilities are found or not
- name: Cache Maven dependencies
uses: actions/cache/save@v4
if: always()
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ steps.get-date.outputs.datetime }}-${{ hashFiles('**/pom.xml') }}