Skip to content

feat: add OWASP dependency check #10

feat: add OWASP dependency check

feat: add OWASP dependency check #10

# SPDX-FileCopyrightText: 2024 LibreCode coop and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
name: "OWASP Dependency-Check"
on: pull_request
jobs:
dependency-check:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Run OWASP Dependency-Check
uses: dependency-check/Dependency-Check_Action@main
with:
format: 'ALL'
project: 'LibreSign'
path: './'
args: >
--failOnCVSS 7
--enableRetired
--enableExperimental
- name: Upload Dependency-Check report
uses: actions/upload-artifact@master
with:
name: dependency-check-report
path: dependency-check-report.html