mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2025-07-20 23:05:49 +00:00
update action
parent
12eb8b1ff3
commit
3691b731a1
1 changed files with 47 additions and 23 deletions
70
.github/workflows/maven-build.yml
vendored
70
.github/workflows/maven-build.yml
vendored
|
@ -1,29 +1,53 @@
|
||||||
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
|
name: 'vulnability-scan'
|
||||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
|
|
||||||
|
|
||||||
name: Java CI with Maven
|
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
pull_request:*
|
||||||
branches: [ main ]
|
push:*
|
||||||
pull_request:
|
|
||||||
branches: [ main ]
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
test:
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
java: [ '17' ]
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v2
|
||||||
- name: Set up JDK ${{matrix.java}}
|
- name: Run Trivy vulnerability scanner in repo mode
|
||||||
uses: actions/setup-java@v4
|
uses: aquasecurity/trivy-action@master
|
||||||
with:
|
with:
|
||||||
java-version: ${{matrix.java}}
|
scan-type: 'fs'
|
||||||
distribution: 'adopt'
|
severity: 'HIGH,CRITICAL'
|
||||||
cache: maven
|
ignore-unfixed: true
|
||||||
- name: Build with Maven Wrapper
|
format: 'json'
|
||||||
run: ./mvnw -B package
|
output: 'result.json'
|
||||||
|
- uses: CemitDigital/trivy-report-issue-action@v1.1
|
||||||
|
with:
|
||||||
|
# Token passed by GitHub actions, required for access to GitHub issues
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
# File with scan results
|
||||||
|
input-filename: "result.json"
|
||||||
|
|
||||||
|
# Label name
|
||||||
|
# Default: vulnerability (this label must be created in advance)
|
||||||
|
label: 'vulnerability'
|
||||||
|
|
||||||
|
# Assignees, comma separated
|
||||||
|
# Default: ''
|
||||||
|
# Example: 'monalisa,hubot'
|
||||||
|
assignee: ''
|
||||||
|
|
||||||
|
# If set the new issues will be assigned to the specified project
|
||||||
|
# Default: ''
|
||||||
|
project-id: ''
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner in repo mode
|
||||||
|
uses: aquasecurity/trivy-action@0.20.0
|
||||||
|
with:
|
||||||
|
scan-type: 'fs'
|
||||||
|
ignore-unfixed: true
|
||||||
|
format: 'sarif'
|
||||||
|
output: 'trivy-results.sarif'
|
||||||
|
# exit-code: '1'
|
||||||
|
severity: 'CRITICAL,HIGH'
|
||||||
|
|
||||||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
|
with:
|
||||||
|
sarif_file: 'trivy-results.sarif'
|
||||||
|
|
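Review bot: `aquasecurity/trivy-action@master` in the first Trivy step is a mutable branch ref, and `CemitDigital/trivy-report-issue-action@v1.1`, which is handed `secrets.GITHUB_TOKEN`, is a movable tag, so the code that runs with the token in scope can change without any change to this file. Pin each third-party action to a reviewed full commit SHA, for example `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>` (placeholder); the second Trivy step's fixed `0.20.0` tag is also inconsistent with the first. No `permissions:` key is visible in the new workflow, so the token presumably gets the repository default; a job-level block limited to what these steps need is sketched below (indentation is inferred, since the rendered page drops it). Separately, `# exit-code: '1'` is commented out, so HIGH/CRITICAL findings will not fail the run, and `actions/checkout` moves from v4 back to v2; confirm both are intended.

```yaml
    runs-on: ubuntu-latest
    permissions:
      contents: read          # checkout
      issues: write           # trivy-report-issue-action opens issues
      security-events: write  # upload-sarif
    # … unchanged: steps …
```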