Bump actions/dependency-review-action from 2.5.1 to 4.3.4 #350
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Basic test | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
| - name: Build the images | |
| run: | | |
| ./build_images.sh | |
| - name: Run the exploit lab using the bash script | |
| run: | | |
| ./run_containers.sh | |
| ./delete_containers.sh | |
| - name: Test the exploit lab using the python cli (java8) [Non vulnerable] | |
| run: | | |
| python log4shell_validator.py --java-version 8 --log4j-version 2.12.2 | |
| - name: Test the exploit lab using the python cli (java8) [vulnerable] | |
| run: | | |
| python log4shell_validator.py --java-version 8 --log4j-version 2.12.1 |