Create main.yml

2025-07-20 14:55:50 +00:00 · 2024-06-12 22:50:24 +07:00 · 2024-06-12 22:50:24 +07:00 · e14db5dad2
commit e14db5dad2
parent 4845f3cf69
1 changed files with 31 additions and 0 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,31 @@
+name: Contrast Security SCA
+on:
+  push:
+    branches:
+      - "main"
+jobs:
+  Check-Dependency-Vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.5
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4.2.1
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+
+      - name: build jar
+        run: |
+          mvn clean install -DskipTests
+
+      - name: Contrast SCA Action
+        uses: Contrast-Security-OSS/contrast-sca-action@v2.0.10
+        with:
+          apiKey: ${{ secrets.CONTRAST_API_KEY }}
+          orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
+          authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
+          apiUrl: ${{ secrets.CONTRAST_API_URL }}
+          filePath: mypath/to/config/files
+          severity: medium
+          fail: true