Skip to content

Commit

Permalink
feat: add OWASP dependency check
Browse files Browse the repository at this point in the history
Signed-off-by: Vitor Mattos <[email protected]>
  • Loading branch information
vitormattos committed Oct 30, 2024
1 parent 09091cf commit 5851b0b
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions .github/workflows/owasp-dependency-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# SPDX-FileCopyrightText: 2024 LibreCode coop and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later

name: "OWASP Dependency-Check"

on: pull_request

jobs:
dependency-check:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2

- name: Run OWASP Dependency-Check
uses: dependency-check/Dependency-Check_Action@main
with:
format: 'ALL'
project: 'LibreSign'
path: './'
args: >
--failOnCVSS 7
--enableRetired
--enableExperimental
- name: Upload Dependency-Check report
uses: actions/upload-artifact@master
with:
name: dependency-check-report
path: dependency-check-report.html

0 comments on commit 5851b0b

Please sign in to comment.