Skip to content

Adding more libs

Adding more libs #6

Workflow file for this run

# Create GitHub Action Secrets for your version of the application:
# DEBRICKEN_TOKEN should be an API Access Token from your Debricked tenant.
name: OSS SCA with Debricked
on:
# Triggers the workflow on push or pull request events but only for the main and dev branches
push:
paths:
- 'pom.xml'
#- 'build.gradle'
#- 'frontend/build.gradle'
- 'frontend/package.json'
- 'libs/**'
branches:
- '**' # matches every branch
pull_request:
branches: [ main, develop ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Global environment variables
env:
DEFAULT_APP_NAME: "DebrickedDemoApp"
jobs:
Debricked-SCA:
runs-on: ubuntu-latest
if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request') || (github.event.inputs.runDebrickedScan == 'true') }}
steps:
- name: Setup Maven Action
uses: s4u/[email protected]
with:
java-version: '11'
java-distribution: 'temurin'
# Install Fortify/Debricked CLI
- name: Setup Fortify tools
uses: fortify/github-action/[email protected]
with:
export-path: true
fcli: latest
debricked-cli: latest
- name: Run debricked scan
shell: bash
run: |
# we are excluding Gradle and using Maven so we can callgraph works
debricked scan --fingerprint --callgraph --prefer-npm -r "${DEFAULT_APP_NAME}" --access-token="${DEBRICKED_TOKEN}" -e "**/build.gradle" -e "**/node_modules/**" -e "*/**.lock" -e "**/build/classes/test/**" -e "**/target/classes/test-classes/**" .
env:
APP_NAME: ${{ env.DEFAULT_APP_NAME }}
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}