From d28bd5f33514893a5db3e8ee676f6a22dd8945da Mon Sep 17 00:00:00 2001 From: "HARVEYNASH\\minh.tranquang" Date: Tue, 6 Aug 2024 12:15:50 +0700 Subject: [PATCH] #759 Create webhook --- .github/workflows/owasp-dependency-check-ci.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/owasp-dependency-check-ci.yaml b/.github/workflows/owasp-dependency-check-ci.yaml index 052569fc21..ea938f33e1 100644 --- a/.github/workflows/owasp-dependency-check-ci.yaml +++ b/.github/workflows/owasp-dependency-check-ci.yaml @@ -24,4 +24,9 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - uses: ./.github/workflows/actions - name: OWASP Dependency Check - run: mvn org.owasp:dependency-check-maven:check \ No newline at end of file + run: mvn clean package org.owasp:dependency-check-maven:aggregate --file src/pom.xml -Dfmt.skip=true -DskipTests=true -fae -B -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -DfailBuildOnCVSS=7 + - name: Upload scan results to GitHub Code Scanning + if: ${{ always() }} + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: target/dependency-check-report.sarif \ No newline at end of file