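# Composite action: runs OWASP Dependency Check (the `dependencyCheckAggregate`
# gradle task) via the shared hypertrace gradle action, then publishes the
# reports both as a workflow artifact and as SARIF to the GitHub Security tab.
#
# What the calling workflow has to provide (nothing here enforces it):
#   - `security-events: write` permission on the job, or the SARIF upload fails.
#   - `nvd-api-key` taken from `secrets.*`, so GitHub masks it in logs. The value
#     is still placed on the gradle command line (see the second scan step).
name: Dependency Check
description: 'OWASP Dependency Check'

inputs:
  nvd-api-key:
    description: "NVD API Key. Optional: when empty, the -Dnvd.api.key argument is omitted from the scan."
    required: false
    default: ""
  use-global-suppressions:
    description: "Whether to use the global suppression file shipped with this action in addition to the local suppression file (assumed to be owasp-suppressions.xml at the repo root)"
    required: false
    default: "true"

runs:
  using: "composite"
  steps:
    # Builds the `-Dsuppression.file=...` argument consumed by the scan steps
    # below and exposes it as `steps.suppressions.outputs.args`.
    - name: Setup suppressions
      id: suppressions
      shell: bash
      # The input is handed to the script through `env` rather than interpolated
      # with `${{ }}` into the script text, so its value can never be parsed as
      # shell syntax (GitHub's expression-injection guidance for `run:` steps).
      env:
        USE_GLOBAL_SUPPRESSIONS: ${{ inputs.use-global-suppressions }}
      run: |
        if [ "$USE_GLOBAL_SUPPRESSIONS" = "true" ]; then
          # Quoted so a GITHUB_ACTION_PATH containing spaces cannot split the output line.
          echo "args=-Dsuppression.file=owasp-suppressions.xml,$GITHUB_ACTION_PATH/global-suppressions.xml" >> "$GITHUB_OUTPUT"
        else
          # NOTE(review): with global suppressions disabled, no suppression file is
          # passed at all -- not even the local owasp-suppressions.xml. Confirm that
          # is intended (the input description suggests the local file is always used).
          echo "args=" >> "$GITHUB_OUTPUT"
        fi

    - name: Check out code
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
        submodules: recursive

    # Both scan steps reference hypertrace/github-actions/gradle at a moving
    # branch (@main): whatever is pushed to that branch runs here on the next
    # invocation. Pinning to a commit SHA makes the supply chain reproducible.
    # The two steps are identical except for the NVD key argument; they are
    # split so the key is only ever placed on the command line when one was given.
    - name: Dependency Check
      if: inputs.nvd-api-key == ''
      uses: hypertrace/github-actions/gradle@main
      with:
        args: dependencyCheckAggregate ${{ steps.suppressions.outputs.args }} -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false

    - name: Dependency Check
      if: inputs.nvd-api-key != ''
      uses: hypertrace/github-actions/gradle@main
      with:
        # The key is passed as a JVM system property on the gradle command line,
        # so it is readable by anything on the runner that can inspect this
        # process's argv; log masking only covers values that came from `secrets`.
        args: dependencyCheckAggregate ${{ steps.suppressions.outputs.args }} -Dnvd.api.key=${{ inputs.nvd-api-key }} -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false

    # Published even when the scan fails so the findings that caused the failure
    # can be inspected.
    - name: Upload dependency check report
      if: always()
      uses: actions/upload-artifact@v4
      with:
        name: Dependency check report
        path: ${{ github.workspace }}/build/reports

    # Needs `security-events: write` on the calling job. Because of `always()`
    # this also runs when an earlier step (e.g. checkout) failed before any
    # SARIF was written; the upload is then expected to fail on the missing file.
    - name: Upload dependency check report to GitHub Security tab
      if: always()
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: ${{ github.workspace }}/build/reports/dependency-check-report.sarif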