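# the benefit of this over renovate is that this also analyzes transitive dependencies
# while renovate (at least currently) only analyzes top-level dependencies
name: OWASP dependency check (daily)

on:
  schedule:
    # daily at 1:30 UTC
    - cron: "30 1 * * *"
  # also allows the scan to be started manually
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. A job that needs more declares it in its own permissions block.
permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # version comment records which release that SHA corresponds to.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step in this job pushes or fetches with git credentials,
          # so the token is not left in .git/config while the Gradle build and
          # its plugins run.
          # NOTE(review): confirm gha-free-disk-space.sh and the Gradle build
          # do not perform authenticated git operations.
          persist-credentials: false

      - name: Free disk space
        run: .github/scripts/gha-free-disk-space.sh

      - name: Set up JDK for running Gradle
        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          distribution: temurin
          java-version-file: .java-version

      # Prepends "-Xmx3g " to the existing org.gradle.jvmargs value in
      # gradle.properties. If that key is absent, sed matches nothing and the
      # file is left unchanged without an error.
      - name: Increase gradle daemon heap size
        run: |
          sed -i "s/org.gradle.jvmargs=/org.gradle.jvmargs=-Xmx3g /" gradle.properties

      - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      # The NVD API key is exposed only to this step's environment, not to the
      # whole job, so the other steps and actions never receive it.
      - run: ./gradlew :javaagent:dependencyCheckAnalyze
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}

      # if: always() uploads the report directory even when an earlier step
      # failed, so the findings stay available for triage.
      # NOTE(review): the reports presumably list dependencies with known
      # vulnerabilities; anyone who can read this repository's workflow runs
      # can download the artifact. Confirm that is the intended audience.
      - name: Upload report
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          path: javaagent/build/reports

  # Calls the repository's reusable notification workflow after analyze has
  # finished, whether it succeeded or not (if: always()).
  workflow-notification:
    # Job-level permissions replace the workflow default for this job only.
    # NOTE(review): issues: write is presumably what the reusable workflow
    # uses to open or update a tracking issue; verify against that file.
    permissions:
      contents: read
      issues: write
    needs:
      - analyze
    if: always()
    uses: ./.github/workflows/reusable-workflow-notification.yml
    with:
      # true only when the analyze job's result is exactly 'success'
      success: ${{ needs.analyze.result == 'success' }}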