#818 Add OWASP dependency check to CI

nashtech-garage · Aug 6, 2024 · 142bd8c · 142bd8c
1 parent 389b1ab
commit 142bd8c
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 18 deletions.
diff --git a/.github/workflows/backoffice-bff-ci.yaml b/.github/workflows/backoffice-bff-ci.yaml
@@ -34,6 +34,19 @@ jobs:
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -f backoffice-bff
+      - name: OWASP Dependency Check
+        uses: dependency-check/Dependency-Check_Action@main
+        env:
+          JAVA_HOME: /opt/jdk
+        with:
+          project: 'yas'
+          path: '.'
+          format: 'HTML'
+      - name: Upload OWASP Dependency Check results
+        uses: actions/upload-artifact@master
+        with:
+          name: OWASP Dependency Check Report
+          path: ${{github.workspace}}/reports
       - name: Log in to the Container registry
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3

diff --git a/.github/workflows/backoffice-ci.yaml b/.github/workflows/backoffice-ci.yaml
@@ -42,7 +42,20 @@ jobs:
           projectBaseDir: backoffice
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}     
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: OWASP Dependency Check
+        uses: dependency-check/Dependency-Check_Action@main
+        env:
+          JAVA_HOME: /opt/jdk
+        with:
+          project: 'yas'
+          path: '.'
+          format: 'HTML'
+      - name: Upload OWASP Dependency Check results
+        uses: actions/upload-artifact@master
+        with:
+          name: OWASP Dependency Check Report
+          path: ${{github.workspace}}/reports
       - name: Log in to the Container registry
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3

diff --git a/.github/workflows/owasp-dependency-check-ci.yaml b/.github/workflows/owasp-dependency-check-ci.yaml
@@ -19,20 +19,20 @@ jobs:
     env:
       FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
     steps:
-        - uses: actions/checkout@v4
-          with:
-            fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
-        - uses: ./.github/workflows/actions
-        - name: OWASP Dependency Check
-          uses: dependency-check/Dependency-Check_Action@main
-          env:
-            JAVA_HOME: /opt/jdk
-          with:
-            project: 'yas'
-            path: '.'
-            format: 'HTML'
-        - name: Upload OWASP Dependency Check results
-          uses: actions/upload-artifact@master
-          with:
-            name: OWASP Dependency Check Report
-            path: ${{github.workspace}}/reports
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: ./.github/workflows/actions
+      - name: OWASP Dependency Check
+        uses: dependency-check/Dependency-Check_Action@main
+        env:
+          JAVA_HOME: /opt/jdk
+        with:
+          project: 'yas'
+          path: '.'
+          format: 'HTML'
+      - name: Upload OWASP Dependency Check results
+        uses: actions/upload-artifact@master
+        with:
+          name: OWASP Dependency Check Report
+          path: ${{github.workspace}}/reports