update dependecy-check to 9.0.4 and refactor it to own workflow
infeo committed Dec 12, 2023
1 parent a0a20ce commit cf173f6
Showing 3 changed files with 59 additions and 7 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Expand Up @@ -15,10 +15,10 @@ jobs:
cache: 'maven'
- name: Ensure to use tagged version
if: startsWith(github.ref, 'refs/tags/')
run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
run: mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
- name: Build and Test
id: buildAndTest
run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
run: mvn -B clean install jacoco:report -Pcoverage
- name: Upload code coverage report
id: codacyCoverageReporter
run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
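Review bot: With `-Pdependency-check` dropped from the Build and Test step, a vulnerable dependency introduced on a feature branch or pull request is no longer reported until the weekly schedule or a push to a `release/**` branch picks it up in the new workflow. That wider detection window looks intentional (the profile is slow and depends on the NVD secret), but nothing in build.yml says so; a one-line comment above the step such as `# dependency-check runs in dependency-check.yml (weekly + release/** pushes), not on every build` would keep the next maintainer from re-adding the profile or assuming that pull requests are scanned. The enclosing job definition starts above the hunk.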
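--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,54 @@
+name: OWASP Maven Dependency Check
+on:
+schedule:
+- cron: '0 7 * * 0'
+push:
+branches:
+- 'release/**'
+workflow_dispatch:
+
+
+jobs:
+check-dependencies:
+name: Check dependencies
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+show-progress: false
+- name: Setup Java
+uses: actions/setup-java@v4
+with:
+distribution: 'zulu'
+java-version: 21
+cache: 'maven'
+- name: Run org.owasp:dependency-check plugin
+id: dependency-check
+continue-on-error: true
+run: mvn -B verify -Pdependency-check -DskipTests
+env:
+NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+- name: Upload report on failure
+if: steps.dependency-check.outcome == 'failure'
+uses: actions/upload-artifact@v3
+with:
+name: dependency-check-report
+path: target/dependency-check-report.html
+if-no-files-found: error
+- name: Slack Notification on regular check
+if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+uses: rtCamp/action-slack-notify@v2
+env:
+SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+SLACK_USERNAME: 'Cryptobot'
+SLACK_ICON: false
+SLACK_ICON_EMOJI: ':bot:'
+SLACK_CHANNEL: 'cryptomator-desktop'
+SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
+SLACK_FOOTER: false
+MSG_MINIMAL: true
+- name: Failing workflow on release branch
+if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+shell: bash
+run: exit 1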
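Review bot: The report link in `SLACK_MESSAGE` points at `/actions/run/${{ github.run_id }}`, but GitHub serves workflow runs under the plural path, so the link in every notification will 404; it should read `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope although checkout and the artifact upload only need read access — a top-level `permissions:` with `contents: read` would make the least-privilege intent explicit and survive a later change of the repository default. Every step is referenced by a mutable tag (`@v4`, `@v3`, `@v2`); for the third-party `rtCamp/action-slack-notify` in particular, pinning to a full commit SHA with the tag kept in a trailing comment removes the possibility of the tag being moved to different code without a diff in this repository. Finally, `steps.dependency-check.outcome == 'failure'` is equally true when `mvn verify` fails for a non-CVE reason (an NVD download or network error, a compile failure under `-DskipTests`), in which case the Slack title "Vulnerabilities … detected" and the `if-no-files-found: error` upload would misreport the cause; checking that the report file exists before notifying, or notifying separately on a missing report, would be worth a follow-up.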
8 changes: 3 additions & 5 deletions pom.xml
Expand Up @@ -31,7 +31,7 @@
<cryptofs.version>2.6.7</cryptofs.version>

<!-- build dependencies -->
<dependency-check.version>8.4.2</dependency-check.version>
<dependency-check.version>9.0.4</dependency-check.version>
<maven.deploy.version>3.1.1</maven.deploy.version>
<jacoco.version>0.8.11</jacoco.version>
</properties>
Expand Down Expand Up @@ -236,13 +236,11 @@
<artifactId>dependency-check-maven</artifactId>
<version>${dependency-check.version}</version>
<configuration>
<cveValidForHours>24</cveValidForHours>
<failBuildOnCVSS>0</failBuildOnCVSS>
<skipTestScope>true</skipTestScope>
<detail>true</detail>
<suppressionFiles>
<suppressionFile>suppression.xml</suppressionFile>
</suppressionFiles>
<suppressionFile>suppression.xml</suppressionFile>
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
</configuration>
<executions>
<execution>
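Review bot: `<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>` is interpolated by Maven at configuration time, and an unset environment variable is not replaced by an empty value — the literal text `${env.NVD_API_KEY}` stays in the plugin configuration and, as far as I can tell, is then sent to the NVD API as the key, so a developer running `mvn verify -Pdependency-check` locally without the secret gets rejected requests instead of the slower keyless mode. Routing the value through a project property with an empty default avoids that (constructed example: `<nvd.api.key></nvd.api.key>` under `<properties>`, `<nvdApiKey>${nvd.api.key}</nvdApiKey>` here, and `-Dnvd.api.key=$NVD_API_KEY` from the workflow). Dropping `<cveValidForHours>` is consistent with the 9.x move to the NVD 2.0 API; if a specific cache lifetime was wanted, I believe the 9.x equivalent is `nvdValidForHours`, which the hunk does not set, so the plugin default now applies. The enclosing `<plugin>` element starts and ends outside the hunk.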