-
Notifications
You must be signed in to change notification settings - Fork 2
71 lines (58 loc) · 2.07 KB
/
develop.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Java CI with Maven
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn clean install
security-scan:
runs-on: ubuntu-latest
needs: build # Ensures that the security scan runs only if the build job succeeds
steps:
# Step 1: Checkout code
- name: Checkout code
uses: actions/checkout@v4
# Step 2: Set up Java
- name: Set up Java 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
# Step 3: Run OWASP Dependency-Check
- name: Run OWASP Dependency-Check
uses: dependency-check/Dependency-Check_Action@main
env:
# actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
JAVA_HOME: /opt/jdk
with:
project: 'webank-onlinebanking'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--failOnCVSS 5
# Step 4: Upload the Dependency-Check report as an artifact
- name: Upload Dependency Check report
uses: actions/upload-artifact@v3
with:
name: Dependency-Check Report
path: ${{ github.workspace }}/reports
#Add pmd check