Skip to content

build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 #2514

build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0

build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 #2514

name: 'OWASP dependency check'
env:
MAVEN_VERSION: '3.9.9'
on:
pull_request:
workflow_dispatch:
schedule:
- cron: "17 2 * * 1"
jobs:
build:
name: 'OWASP dependency check'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: 'maven'
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'Run Check'
continue-on-error: true
run: mvn -U package -DnvdApiKey=${{ secrets.NVD_API_KEY }} -Dmaven.test.skip=true -Ddocker.skip=true -Dtest.onlyITs= -DskipQA=true org.owasp:dependency-check-maven:aggregate -fae -B -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -DfailBuildOnCVSS=5
- name: 'Upload result to GitHub Code Scanning'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: target/dependency-check-report.sarif