Skip to content

Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 #2720

Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0

Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 #2720

Workflow file for this run

name: 'Trivy Security Scan'
env:
MAVEN_OPTS: -Djava.awt.headless=true
MAVEN_VERSION: '3.9.9'
on: # use pull request so this workflow dos not fail when triggered by dependabot PR's
pull_request:
schedule:
- cron: "17 23 * * 0"
workflow_dispatch:
jobs:
build:
name: 'Trivy Scan'
runs-on: ubuntu-latest
permissions:
contents: read
actions: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'Build'
run: mvn -U package -DskipTests -DskipITs -Dmaven.javadoc.skip=true
- name: Trivy Cache
uses: yogeshlonkar/[email protected]
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Run Trivy vulnerability scanner'
uses: aquasecurity/[email protected]
# docker run --rm -v trivy_cache:/root/.cache/ aquasec/trivy image ghcr.io/tailormap/tailormap-api:snapshot
with:
image-ref: 'ghcr.io/tailormap/tailormap-api:snapshot'
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'HIGH,CRITICAL'
limit-severities-for-sarif: true
cache-dir: .trivy
- name: 'Check file existence'
id: check_files
uses: andstor/file-existence-action@v3
with:
files: 'trivy-results.sarif'
- name: 'Upload Trivy scan results to GitHub Security tab'
uses: github/codeql-action/upload-sarif@v3
if: steps.check_files.outputs.files_exists == 'true'
with:
sarif_file: 'trivy-results.sarif'
- name: 'Cleanup cached snapshots'
if: always()
run: |
find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}