From 109dcd28151f5663a80335f8bc522b44f3621f15 Mon Sep 17 00:00:00 2001
From: Alexander Pann
Date: Thu, 5 Dec 2024 18:06:21 +0100
Subject: [PATCH] add a GitHub action for PRs to check for vulnerabilities
---
 .github/workflows/vulnerability-scanning.yml | 33 ++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 .github/workflows/vulnerability-scanning.yml
diff --git a/.github/workflows/vulnerability-scanning.yml b/.github/workflows/vulnerability-scanning.yml
new file mode 100644
index 0000000000..dfd9daf39b
--- /dev/null
+++ b/.github/workflows/vulnerability-scanning.yml
@@ -0,0 +1,33 @@
+on: [pull_request]
+
+jobs:
+ depchecktest:
+ runs-on: ubuntu-latest
+ name: depecheck_test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - name: Setup Java
+ uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4
+ with:
+ distribution: temurin
+ java-version: 17
+ - name: Setup Gradle
+ uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4
+ - name: Call setup
+ run: ./gradlew dependencies
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
+ env:
+ # actions/setup-java changes JAVA_HOME, so it needs to be reset to match the depcheck image
+ JAVA_HOME: /opt/jdk
+ id: Depcheck
+ with:
+ project: 'mbeddr.core'
+ format: 'HTML'
+ out: 'reports'
+ - name: Upload Test results
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
\ No newline at end of file
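Review bot: The workflow runs every step, including the third-party Dependency-Check container, with the default GITHUB_TOKEN permissions although nothing in it needs more than read access to the checkout; add `permissions:` / `  contents: read` at the top of the file next to `on: [pull_request]` so the token is scoped to least privilege. The scan also cannot fail the check: `format: 'HTML'` only produces an artifact and no CVSS threshold is configured, so a PR that introduces a vulnerable dependency still goes green unless someone opens the report — the action accepts an `args` input where `--failOnCVSS <score>` would turn findings above the threshold into a failing step. Minor: the job's `name: depecheck_test` misspells depcheck, and the Dependency-Check `uses:` pin lacks the `# vN` comment the other pinned actions carry, which makes it harder to audit which release that SHA corresponds to.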