| 12345678910111213141516171819202122232425262728293031 |
- # the benefit of this over dependabot is that this also analyzes transitive dependencies
- # while dependabot (at least currently) only analyzes top-level dependencies
- name: OWASP dependency check (daily)
- on:
- schedule:
- - cron: '30 1 * * *'
- workflow_dispatch:
- jobs:
- analyze:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Java 11
- uses: actions/setup-java@v3
- with:
- distribution: temurin
- java-version: 11
- - uses: gradle/gradle-build-action@v2
- with:
- arguments: ":javaagent:dependencyCheckAnalyze"
- - name: Upload report
- if: always()
- uses: actions/upload-artifact@v3
- with:
- path: javaagent/build/reports
|
