Browse Source

[Chore] Improve owasp dependency check (#16305)

* improve owasp dependency check
dev
xiangzihao 6 months ago committed by GitHub
parent
commit
d13abe6b26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 4
      .github/workflows/backend.yml
  2. 15
      .github/workflows/owasp-dependency-check.yaml
  3. 4
      .github/workflows/unit-test.yml
  4. 3
      pom.xml

4
.github/workflows/backend.yml

@ -67,7 +67,7 @@ jobs:
with:
submodules: true
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'adopt'
@ -160,7 +160,7 @@ jobs:
version: ["3.1.9", "3.2.0"]
steps:
- name: Set up JDK 8
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'adopt'

15
.github/workflows/owasp-dependency-check.yaml

@ -22,7 +22,7 @@ on:
branches:
- '[0-9]+.[0-9]+.[0-9]+-prepare'
- '[0-9]+.[0-9]+.[0-9]+-release'
pull_request:
pull_request_target:
paths:
- '**/pom.xml'
env:
@ -30,6 +30,9 @@ env:
jobs:
build:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
timeout-minutes: 120
steps:
@ -37,12 +40,18 @@ jobs:
with:
submodules: true
- name: Set up JDK 8
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'adopt'
- name: Run OWASP Dependency Check
run: ./mvnw -B clean install verify dependency-check:check -DskipDepCheck=false -Dmaven.test.skip=true -Dspotless.skip=true
run: |
./mvnw -B clean install verify dependency-check:check \
-DskipDepCheck=false \
-Dmaven.test.skip=true \
-Dspotless.skip=true
env:
NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
- name: Upload report
uses: actions/upload-artifact@v4
if: ${{ cancelled() || failure() }}

4
.github/workflows/unit-test.yml

@ -66,7 +66,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'adopt'
@ -95,7 +95,7 @@ jobs:
restore-keys: ${{ runner.os }}-maven-
# Set up JDK 17 for SonarCloud.
- name: Set up JDK 17
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'adopt'

3
pom.xml

@ -86,7 +86,7 @@
<jacoco.skip>false</jacoco.skip>
<maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
<exec-maven-plugin.version>3.0.0</exec-maven-plugin.version>
<owasp-dependency-check-maven.version>9.2.0</owasp-dependency-check-maven.version>
<owasp-dependency-check-maven.version>10.0.2</owasp-dependency-check-maven.version>
<lombok.version>1.18.20</lombok.version>
<awaitility.version>4.2.0</awaitility.version>
<truth.version>1.4.2</truth.version>
@ -545,6 +545,7 @@
<skipRuntimeScope>true</skipRuntimeScope>
<skipSystemScope>true</skipSystemScope>
<failBuildOnCVSS>7</failBuildOnCVSS>
<nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
</configuration>
<executions>
<execution>

Loading…
Cancel
Save