OWASP Dependency-Check #251
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OWASP Dependency-Check | |
on: | |
schedule: | |
- cron: '0 16 */2 * *' # Schedule for bi-daily run at midnight Singapore Time | |
jobs: | |
owasp-dependency-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository with Token | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GH_PAT }} | |
- name: Run OWASP Dependency-Check | |
if: github.ref == 'refs/heads/main' | |
id: owasp-check | |
run: | | |
# Download and set up Dependency-Check | |
curl -LO https://github.com/jeremylong/DependencyCheck/releases/download/v7.3.0/dependency-check-7.3.0-release.zip | |
unzip dependency-check-7.3.0-release.zip | |
chmod +x dependency-check/bin/dependency-check.sh | |
# Run Dependency-Check and capture the JSON output to a file | |
./dependency-check/bin/dependency-check.sh --project "Dependency Check Example" --scan . --out /tmp --format JSON | |
# Move the JSON report to the 'github-actions' folder | |
mv -f /tmp/dependency-check-report.json ${{ github.workspace }}/CICD-Tooling/github-actions/dependency-check-report.json | |
env: | |
MAVEN_OPTS: -Dmaven.repo.local=${{ runner.workspace }}/.m2/repository | |
MVNW_HOME: ./mvnw | |
- name: Commit Dependency Report | |
if: github.ref == 'refs/heads/main' | |
run: | | |
git config user.email ${{ secrets.GIT_USER_EMAIL }} | |
git config user.name "Coolbreeze151" | |
git pull | |
git add ${{ github.workspace }}/DevOpsRoadmap/CICD-Tooling/github-actions/dependency-check-report.json | |
git commit -m "Add Dependency-Check JSON report" | |
git push origin HEAD:main | |
- name: Upload Dependency-Check Report | |
if: github.ref == 'refs/heads/main' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dependency-check-report | |
path: ${{ github.workspace }}/DevOpsRoadmap/CICD-Tooling/github-actions/dependency-check-report.json | |