snyk fixes

contentstack · Dec 11, 2024 · c43fc86 · c43fc86
1 parent 57f97bd
commit c43fc86
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 13 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -14,7 +14,7 @@ name: "CodeQL"
 on:
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: '*'
+    branches: [master]
 
 jobs:
   analyze:
@@ -54,6 +54,19 @@ jobs:
 #    - name: Autobuild
 #      uses: github/codeql-action/autobuild@v2
 
+# Custom build steps for Java
+    - name: Set up JDK 17
+      if: matrix.language == 'java'
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'  # You can use 'zulu' or another distribution if needed
+
+    - name: Build with Maven
+      if: matrix.language == 'java'
+      run: mvn -B package --file pom.xml
+
+
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -15,10 +15,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+    - uses: actions/checkout@v3
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
       with:
-        java-version: 1.8
+        java-version: 17
+        distribution: 'temurin'  # You can change this to 'zulu' or other distributions if needed
     - name: Build with Maven
       run: mvn -B package --file pom.xml
diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
@@ -8,8 +8,8 @@ jobs:
     steps:
       - uses: actions/checkout@master
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
+        uses: snyk/actions/maven@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --all-projects --fail-on=all
+          args: --fail-on=all
diff --git a/pom.xml b/pom.xml
@@ -15,7 +15,7 @@
     </parent>
 
     <properties>
-        <java.version>1.8</java.version>
+        <java.version>17</java.version>
         <spring-boot.version>3.1.4</spring-boot.version>
         <json-smart.version>5.2.2</json-smart.version>
         <contentstack.version>1.12.2</contentstack.version>
@@ -25,22 +25,18 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-freemarker</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>com.contentstack.sdk</groupId>
@@ -60,7 +56,6 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
-                <version>3.1.4</version>
             </plugin>
         </plugins>
     </build>