#489: Added security-issues workflow (#490)
kaklakariada authored Oct 30, 2023
1 parent 28b5e27 commit e8049aa
Showing 3 changed files with 51 additions and 11 deletions.
29 changes: 24 additions & 5 deletions .github/workflows/dependencies_check.yml
@@ -1,12 +1,15 @@
name: Dependencies Check
name: Report Security Issues for Repository

on:
workflow_dispatch:
schedule:
- cron: "0 2 * * *"

jobs:
build:
report_security_issues:
runs-on: ubuntu-latest
permissions:
issues: write

steps:
- uses: actions/checkout@v4
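Review bot: The new job-level `permissions:` block lists only `issues: write`, and once a job declares `permissions`, every scope it does not list drops to `none`; the `actions/checkout@v4` step that follows needs `contents: read` on a private repository, so add `contents: read` beside `issues: write` rather than relying on default token scopes. Scoping the token this tightly is the right direction; it only lacks the read scope the checkout step depends on.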
@@ -17,6 +20,22 @@ jobs:
java-version: 11
cache: "maven"
- name: Install Projects
run: mvn --batch-mode install -DskipTests # This fixes https://github.com/exasol/project-keeper/issues/330
- name: Checking dependencies for vulnerabilities
run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
# This fixes https://github.com/exasol/project-keeper/issues/330
run: |
mvn --batch-mode install -DskipTests \
-Dproject-keeper.skip=true -Dossindex.skip=true -Dmaven.javadoc.skip=true \
-Djacoco.skip=true -Derror-code-crawler.skip=true -Dreproducible.skip=true
- name: Generate ossindex report
run: |
mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
-Dossindex.reportFile=$(pwd)/ossindex-report.json \
-Dossindex.fail=false
- name: Report Security Issues
uses: exasol/python-toolbox/.github/actions/security-issues@main
with:
format: "maven"
command: "cat ossindex-report.json"
github-token: ${{ secrets.GITHUB_TOKEN }}
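Review bot: `uses: exasol/python-toolbox/.github/actions/security-issues@main` pins a third-party action to a moving branch, and this job hands it `secrets.GITHUB_TOKEN` with `issues: write`; pin to a release tag or, better, a full commit SHA so a later push to `main` cannot silently change what runs with that token. The added `-Dossindex.fail=false` fits the design here (findings become issues instead of failing the build), but it also means the workflow status no longer signals vulnerable dependencies, which is worth stating in the changelog.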
10 changes: 8 additions & 2 deletions doc/changes/changes_2.9.15.md
@@ -1,9 +1,15 @@
# Project Keeper 2.9.15, released 2023-??-??
# Project Keeper 2.9.15, released 2023-10-30

Code name:
Code name: Create issues for vulnerabilities

## Summary

This release updates the `dependencies_check.yml` GitHub workflow to use new [security_issues](https://exasol.github.io/python-toolbox/github_actions/security_issues.html) action. This action will automatically create GitHub issues for vulnerable dependencies found by the [ossindex-maven plugin](https://sonatype.github.io/ossindex-maven/maven-plugin/).

## Features

* #489: Added security_issues workflow

## Documentation

* #485: Added note about `--projects .` command line option to user guide
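Review bot: The feature entry `#489: Added security_issues workflow` spells the name `security_issues` while the commit title and the action path use `security-issues`, and the summary sentence is missing an article (`to use the new ... action`); align the name with the action's actual name so readers searching the changelog find it. The summary could also mention that the audit step now runs with `-Dossindex.fail=false`, since the previous `audit` invocation in this commit did not set that property and users who relied on the workflow failing on findings will see different behaviour.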
@@ -1,12 +1,15 @@
name: Dependencies Check
name: Report Security Issues for Repository

on:
workflow_dispatch:
schedule:
- cron: "0 2 * * *"

jobs:
build:
report_security_issues:
runs-on: ubuntu-latest
permissions:
issues: write

steps:
- uses: actions/checkout@v4
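Review bot: As in `dependencies_check.yml`, the `permissions:` block here declares only `issues: write`, which sets every other scope to `none` for the job, so the `actions/checkout@v4` step below should carry an explicit `contents: read`. Since this hunk mirrors that file's change, adding the same line here keeps the two copies consistent.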
@@ -16,5 +19,17 @@ jobs:
distribution: "temurin"
java-version: 11
cache: "maven"
- name: Checking dependencies for vulnerabilities
run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml

- name: Generate ossindex report
run: |
mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
-Dossindex.reportFile=$(pwd)/ossindex-report.json \
-Dossindex.fail=false
- name: Report Security Issues
uses: exasol/python-toolbox/.github/actions/security-issues@main
with:
format: "maven"
command: "cat ossindex-report.json"
github-token: ${{ secrets.GITHUB_TOKEN }}
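Review bot: The `Report Security Issues` step runs `cat ossindex-report.json` and depends on the file written via `-Dossindex.reportFile=$(pwd)/ossindex-report.json`; if no report is produced (a build that stops before the plugin runs, or a run where the plugin writes nothing because there are no findings), `cat` fails and the step errors instead of reporting an empty result, so either guard for the missing file or confirm the plugin always writes one. The same `@main` pinning concern raised for the other file applies to the `security-issues` action used here.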
