
Update plugin org.owasp.dependencycheck to v11 #433

Update plugin org.owasp.dependencycheck to v11


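# Scheduled OWASP Dependency-Check scan of the Gradle build. Findings are
# pushed to the repository's code-scanning view as SARIF and the full report
# set is kept as a downloadable workflow artifact.
name: "ODC-Scan for vulnerabilities"
on:
  schedule:
    # on a weekly basis for new identified issues
    - cron: '0 16 * * 5' # 16 o'clock UTC every friday
  push:
    paths:
      # if build script changes which may introduce new issues
      - build.gradle.kts
jobs:
  check:
    runs-on: ubuntu-latest
    # Least privilege: once a permissions block is present, every scope that is
    # not listed is set to none, so list exactly what the steps need.
    # NOTE(review): on a private repository upload-sarif additionally needs
    # `actions: read` — confirm against the repository's visibility.
    permissions:
      contents: read          # repository checkout
      security-events: write  # upload-sarif into code scanning
    steps:
      # NOTE(review): the ref after '@' was lost in the page copy (it is shown
      # as an obfuscated e-mail address) — restore the intended pinned ref
      # before use. For every `uses:` line below, pinning to a full commit SHA
      # instead of a moving tag removes the risk of the tag being re-pointed.
      - uses: actions/[email protected]
      - name: "Run owasp check"
        env:
          # NVD API key for the dependency-check plugin, taken from repository
          # secrets (this workflow only runs on push and schedule).
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        uses: burrunan/gradle-cache-action@v2
        with:
          remote-build-cache-proxy-enabled: false
          arguments: dependencyCheckAnalyze
      - name: "Upload sarif report"
        uses: github/codeql-action/upload-sarif@v3
        # Run even when the analysis step fails (e.g. findings above the
        # configured CVSS threshold) so the findings still reach code scanning.
        if: always()
        with:
          sarif_file: build/reports/dependency-check-report.sarif
          category: 'owasp dependency check'
      - name: 'pack reports'
        uses: edgarrc/action-7z@v1
        # Without always() a failed analysis skips this step, and the
        # "Upload report" step below then has nothing to upload — which is
        # exactly the run whose report a reviewer needs.
        if: always()
        with:
          args: 7z a -t7z dependency-check-report ./build/reports/dependency-c*.*
      - name: "Upload report"
        uses: actions/[email protected]
        if: always()
        with:
          name: owaspCheckReport
          path: dependency-check-report.*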