Skip to content

Update caller_SONAR.yml #68

Update caller_SONAR.yml

Update caller_SONAR.yml #68

name: Software Composition Analysis with Dependency-Check
on:
push:
workflow_dispatch:
jobs:
Dependency_check:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/cache@v3
with:
path: |
./dependency-check/data
# Ensure the key is unique and based on something that changes when the cache should be rebuilt
key: ${{ runner.os }}-dependency-check-${{ hashFiles('*.db', '*.json') }}
restore-keys: |
${{ runner.os }}-dependency-check-
- name: Depcheck Action - SCA
uses: dependency-check/Dependency-Check_Action@main
id: Depcheck
with:
project: '${{ github.repository }}'
path: '.'
format: 'HTML'
out: 'reports' # this is the default, no need to specify unless you wish to override it
args: >
--enableRetired
--enableExperimental
# --nvdApiKey $NVD_API_KEY
- name: Upload results - SCA
uses: actions/upload-artifact@master
with:
name: Depcheck report
path: ${{github.workspace}}/reports
- run: ls -la