---
# Why this exists alongside Dependabot: OWASP dependency-check walks the full
# transitive dependency tree, whereas Dependabot (at the time of writing) only
# flags top-level dependencies.
name: OWASP dependency check (daily)

on:
  schedule:
    # 01:30 UTC, once a day
    - cron: '30 1 * * *'
  workflow_dispatch:

jobs:
  analyze:
    runs-on: ubuntu-latest
    # NOTE(review): every action below is pinned to a moving major tag (@v2/@v4);
    # pinning to a full commit SHA would make the action supply chain reproducible.
    # NOTE(review): no `permissions:` block is set, so the job runs with the
    # repository's default GITHUB_TOKEN scope — confirm whether `contents: read`
    # is sufficient for checkout + Gradle + artifact upload before narrowing it.
    steps:
      - uses: actions/checkout@v4

      - name: Free disk space
        run: .github/scripts/gha-free-disk-space.sh

      - name: Set up JDK for running Gradle
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          # quoted so no YAML parser can ever read the version as a number
          java-version: '17.0.6'

      - uses: gradle/gradle-build-action@v2
        with:
          arguments: ':javaagent:dependencyCheckAnalyze'

      # uploaded even when the analysis task fails, so the report stays inspectable
      - name: Upload report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          path: javaagent/build/reports

  workflow-notification:
    needs:
      - analyze
    # runs regardless of the analyze outcome; the result is passed through below
    if: always()
    uses: ./.github/workflows/reusable-workflow-notification.yml
    with:
      success: ${{ needs.analyze.result == 'success' }}