Skip to content

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #532

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #532

Workflow file for this run

name: 'Quality Monitor PR'
on:
pull_request_target:
jobs:
build:
runs-on: [ubuntu-latest]
name: Build, test and monitor quality on Ubuntu
steps:
- uses: actions/checkout@v4
if: github.event_name == 'push'
- uses: actions/checkout@v4
with:
ref: "${{ github.event.pull_request.merge_commit_sha }}"
if: github.event_name == 'pull_request_target'
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
check-latest: true
cache: 'maven'
- name: Set up Maven
uses: stCarolas/setup-maven@v5
with:
maven-version: 3.9.9
- name: Cache the NVD database
uses: actions/cache@v4
with:
path: ~/.m2/repository/org/owasp/dependency-check-data
key: dependency-check
- name: Build with Maven
env:
BROWSER: chrome-container
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: mvn -V --color always -ntp clean verify -Ppit -Pci -Powasp | tee maven.log
- name: Extract pull request number
uses: jwalton/gh-find-current-pr@v1
id: pr
- name: Run Quality Monitor
uses: uhafner/quality-monitor@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
pr-number: ${{ steps.pr.outputs.number }}
config: >
{
"tests": {
"tools": [
{
"id": "test",
"name": "Tests",
"pattern": "**/target/*-reports/TEST*.xml"
}
],
"name": "Tests"
},
"analysis": [
{
"name": "Style",
"id": "style",
"tools": [
{
"id": "checkstyle",
"pattern": "**/target/**checkstyle-result.xml"
},
{
"id": "pmd",
"pattern": "**/target/pmd-*/pmd.xml"
}
]
},
{
"name": "Bugs",
"id": "bugs",
"icon": "bug",
"tools": [
{
"id": "spotbugs",
"sourcePath": "src/main/java",
"pattern": "**/target/spotbugsXml.xml"
},
{
"id": "error-prone",
"pattern": "**/maven.log"
}
]
},
{
"name": "Vulnerabilities",
"id": "vulnerabilities",
"icon": "shield",
"tools": [
{
"id": "owasp-dependency-check",
"pattern": "**/target/dependency-check-report.json"
}
]
}
],
"coverage": [
{
"name": "Code Coverage",
"tools": [
{
"id": "jacoco",
"name": "Line Coverage",
"metric": "line",
"sourcePath": "src/main/java",
"pattern": "**/target/site/jacoco/jacoco.xml"
},
{
"id": "jacoco",
"name": "Branch Coverage",
"metric": "branch",
"sourcePath": "src/main/java",
"pattern": "**/target/site/jacoco/jacoco.xml"
}
]
},
{
"name": "Mutation Coverage",
"tools": [
{
"id": "pit",
"name": "Mutation Coverage",
"metric": "mutation",
"sourcePath": "src/main/java",
"pattern": "**/target/pit-reports/mutations.xml"
},
{
"id": "pit",
"name": "Test Strength",
"metric": "test-strength",
"sourcePath": "src/main/java",
"pattern": "**/target/pit-reports/mutations.xml"
}
]
}
],
"metrics":
{
"name": "Toplevel Metrics",
"tools": [
{
"name": "Cyclomatic Complexity",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "CYCLOMATIC_COMPLEXITY"
},
{
"name": "Cognitive Complexity",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "COGNITIVE_COMPLEXITY"
},
{
"name": "Lines of Code",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "LOC"
},
{
"name": "Non Commenting Source Statements",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "NCSS"
},
{
"name": "Access to foreign data",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "ACCESS_TO_FOREIGN_DATA"
},
{
"name": "Class cohesion",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "COHESION"
},
{
"name": "Fan out",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "FAN_OUT"
},
{
"name": "Number of accessors",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "NUMBER_OF_ACCESSORS"
},
{
"name": "Weight of a class",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "WEIGHT_OF_CLASS"
},
{
"name": "Weighted method count",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "WEIGHED_METHOD_COUNT"
},
{
"name": "N-Path Complexity",
"id": "metrics",
"pattern": "**/metrics/pmd.xml",
"metric": "NPATH_COMPLEXITY"
}
]
}
}