mirror of
https://github.com/cryptomator/cryptomator.git
synced 2026-05-17 18:21:26 +00:00
57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
name: OWASP Maven Dependency Check
|
|
on:
|
|
schedule:
|
|
- cron: '0 8 * * 0'
|
|
workflow_dispatch:
|
|
|
|
|
|
jobs:
|
|
check-dependencies:
|
|
name: Check dependencies
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false
|
|
- name: Setup Java
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: 21
|
|
cache: 'maven'
|
|
- name: Cache NVD DB
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.m2/repository/org/owasp/dependency-check-data/
|
|
key: dependency-check-${{ github.run_id }}
|
|
restore-keys: |
|
|
dependency-check
|
|
env:
|
|
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
|
|
- name: Run org.owasp:dependency-check plugin
|
|
id: dependency-check
|
|
continue-on-error: true
|
|
run: mvn -B validate -Pdependency-check
|
|
env:
|
|
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
|
|
- name: Upload report on failure
|
|
if: steps.dependency-check.outcome == 'failure'
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: dependency-check-report
|
|
path: target/dependency-check-report.html
|
|
if-no-files-found: error
|
|
- name: Slack Notification on regular check
|
|
if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
|
|
uses: rtCamp/action-slack-notify@v2
|
|
env:
|
|
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
|
|
SLACK_USERNAME: 'Cryptobot'
|
|
SLACK_ICON: false
|
|
SLACK_ICON_EMOJI: ':bot:'
|
|
SLACK_CHANNEL: 'cryptomator-desktop'
|
|
SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
|
|
SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
|
|
SLACK_FOOTER: false
|
|
MSG_MINIMAL: true
|