Merge pull request #56 from Onlineberatung/VIC-1851_Fix_criticial_CVEs

chore: upgrade library versions and fix CVEs
virtualidentityag · Oct 26, 2022 · 433b8e3 · 433b8e3
2 parents 6c32a77 + 98cf0c2
commit 433b8e3
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/.github/workflows/securityScan.yml b/.github/workflows/securityScan.yml
@@ -0,0 +1,21 @@
+name: Run trivy security scan
+on:
+  push:
+    branches:
+      - 'develop'
+  pull_request:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          exit-code: 1
+          severity: CRITICAL
diff --git a/pom.xml b/pom.xml
@@ -39,6 +39,7 @@
     <ehcache.version>2.10.6</ehcache.version>
     <easy-random-core.version>5.0.0</easy-random-core.version>
     <spring-boot-autoconfigure.version>2.7.5</spring-boot-autoconfigure.version>
+    <liquibase-core.version>4.9.1</liquibase-core.version>
   </properties>
 
   <dependencies>
@@ -146,6 +147,11 @@
       <artifactId>liquibase-maven-plugin</artifactId>
       <version>${liquibase-maven-plugin.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.liquibase</groupId>
+      <artifactId>liquibase-core</artifactId>
+      <version>${liquibase-core.version}</version>
+    </dependency>
 
     <!-- Test scope dependencies -->
     <dependency>