Skip to content

Report Security Issues #1149

Report Security Issues

Report Security Issues #1149

# Generated by Project Keeper
# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml
name: Report Security Issues
on:
workflow_dispatch:
schedule:
- cron: "0 2 * * *"
jobs:
report_security_issues:
runs-on: ubuntu-latest
defaults:
run:
shell: "bash"
permissions:
contents: read
issues: write
outputs:
created-issues: ${{ steps.security-issues.outputs.created-issues }}
steps:
- uses: actions/checkout@v4
- name: Set up JDKs
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
11
17
cache: "maven"
- name: Generate ossindex report
run: |
mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
-Dossindex.reportFile=$(pwd)/ossindex-report.json \
-Dossindex.fail=false
- name: Report Security Issues
id: security-issues
uses: exasol/python-toolbox/.github/actions/security-issues@main
with:
format: "maven"
command: "cat ossindex-report.json"
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Output security issues (Debugging)
run: |
echo "$CREATED_ISSUES" > test.jsonl
cat test.jsonl
env:
CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }}
start_dependency_udpate:
needs: report_security_issues
# [impl->dsn~trigger-dependency-updates~1]
if: ${{ needs.report_security_issues.outputs.created-issues }}
concurrency:
cancel-in-progress: true
group: "dependencies_update"
# Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK
secrets: inherit
permissions:
contents: write
pull-requests: write
uses: ./.github/workflows/dependencies_update.yml
with:
vulnerability_issues: ${{ needs.report_security_issues.outputs.created-issues }}