Skip to content

Dependency Check (OWASP) #366

Dependency Check (OWASP)

Dependency Check (OWASP) #366

name: Dependency Check (OWASP)
on:
schedule:
- cron: '48 02 * * 0' # Each Sunday at 02:48 UTC
pull_request:
types:
- opened
- synchronize
- reopened
workflow_dispatch:
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v3
with:
java-version: 17
distribution: adopt
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/cache@v3
with:
path: |
~/.m2/repository
key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
- name: mvn
run: >-
mvn dependency-check:check
--batch-mode
--file ./pom.xml
--settings ./settings.xml
--define app.packages.username="${APP_PACKAGES_USERNAME}"
--define app.packages.password="${APP_PACKAGES_PASSWORD}";
env:
APP_PACKAGES_USERNAME: ${{ github.actor }}
APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }}