From 170c18bf14f25422fa3592eaa9cdc4919cf41b35 Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Thu, 1 Feb 2024 18:56:03 +0100 Subject: [PATCH 1/2] Externalized dependency-check --- .github/workflows/dependency-check.yml | 59 ++++---------------------- 1 file changed, 8 insertions(+), 51 deletions(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 6431b62..9471891 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -10,54 +10,11 @@ on: jobs: check-dependencies: - name: Check dependencies - runs-on: macos-latest - steps: - - uses: actions/checkout@v4 - with: - show-progress: false - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: 17 - cache: 'maven' - - name: Cache NVD DB - uses: actions/cache@v3 - with: - path: ~/.m2/repository/org/owasp/dependency-check-data/ - key: dependency-check-${{ github.run_id }} - restore-keys: | - dependency-check - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 - - name: Run org.owasp:dependency-check plugin - id: dependency-check - continue-on-error: true - run: mvn -B validate -Pdependency-check - env: - NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - - name: Upload report on failure - if: steps.dependency-check.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - name: dependency-check-report - path: target/dependency-check-report.html - if-no-files-found: error - - name: Slack Notification on regular check - if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure' - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected." - SLACK_MESSAGE: "Download the for more details." - SLACK_FOOTER: false - MSG_MINIMAL: true - - name: Failing workflow on release branch - if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure' - shell: bash - run: exit 1 + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1 + with: + runner-os: 'macos-latest' + java-distribution: 'temurin' + java-version: 17 + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} From cab7f6b8459474292bf441b12d9f8acff820c367 Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Fri, 2 Feb 2024 20:09:18 +0100 Subject: [PATCH 2/2] Updated JDK for dependency-check to 21 --- .github/workflows/dependency-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 9471891..98dac2d 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -14,7 +14,7 @@ jobs: with: runner-os: 'macos-latest' java-distribution: 'temurin' - java-version: 17 + java-version: 21 secrets: nvd-api-key: ${{ secrets.NVD_API_KEY }} slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}