Bump org.owasp.dependencycheck from 8.0.1 to 9.1.0 #2112

Workflow file for this run

.github/workflows/ci-config.yml at ee9dbd4

	name: GitHub CI

	on:
	push:
	branches:
	- main
	- trellis-extensions-[0-9]+.[0-9]+.x
	pull_request:
	branches:
	- main

	jobs:
	validation:
	name: Validation
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: gradle/wrapper-validation-action@v2

	build:
	needs: [validation]
	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [11]

	name: Java ${{ matrix.java }} environment

	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK ${{ matrix.java }}
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt'
	java-version: ${{ matrix.java }}

	- name: Cache
	uses: actions/cache@v3
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: \|
	${{ runner.os }}-gradle-

	- name: Build with Gradle
	run: ./gradlew check assemble javadoc -x pmdMain

	security:
	needs: [validation]
	runs-on: ubuntu-latest
	name: Security analysis

	steps:
	- uses: actions/checkout@v4
	- name: Run Snyk to check for vulnerabilities
	# Only run security scans for push events
	if: github.event_name == 'push'
	env:
	PROJECT_PATH: /project/trellis-extensions
	SNYK_ORG: ${{ secrets.SNYK_ORG }}
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	# Skip this analysis if the integration isn't set up
	run: \|
	if [ "$SNYK_ORG" != "" ]; then
	# Don't fail on snyk scans
	docker run --name snyk -e SNYK_TOKEN -e PROJECT_PATH -v "/home/runner/work/trellis-extensions":"/project" snyk/snyk-cli:gradle-5.4 "monitor --all-sub-projects --org=$SNYK_ORG" \|\| true
	fi

	windows:
	needs: [validation]
	runs-on: windows-latest
	name: Java 11 Windows environment
	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK 11
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt'
	java-version: 11
	- name: Cache
	uses: actions/cache@v3
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: \|
	${{ runner.os }}-gradle-

	- name: Build with Gradle
	shell: bash
	run: ./gradlew.bat -x pmdMain check

	cassandra:
	needs: [validation]
	runs-on: ubuntu-latest
	name: Java 11 (cassandra) environment

	services:
	cassandra:
	image: cassandra:3.11
	ports:
	- 9042:9042
	- 9160:9160
	options: --name cassandra -v /home/runner/work:/workspace

	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK 11
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt'
	java-version: 11

	- name: "Java 11 (Quarkus Cassandra)"
	run: \|
	docker exec cassandra sh -c "/workspace/trellis-extensions/trellis-extensions/buildtools/src/main/resources/cassandra/initialize.sh /workspace/trellis-extensions/trellis-extensions/cassandra/src/main/resources"
	./gradlew check -x pmdMain install --scan
	env:
	TEST_CASSANDRA: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.owasp.dependencycheck from 8.0.1 to 9.1.0 #2112

Workflow file

Bump org.owasp.dependencycheck from 8.0.1 to 9.1.0 #2112

Jobs

Run details

Workflow file for this run