Add owasp dependency check action
sberyozkin committed Mar 8, 2023
1 parent 2f927eb commit ee40415
Showing 3 changed files with 119 additions and 27 deletions.
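--- a/.github/workflows/owasp-check.yml
+++ b/.github/workflows/owasp-check.yml
@@ -0,0 +1,35 @@
+name: "OWASP Dependency Check"
+
+on:
+
+schedule:
+- cron: '0 3 * * 0'
+
+jobs:
+owasp:
+name: OWASP Dependency Check Report
+runs-on: ubuntu-latest
+if: github.repository == 'quarkusio/quarkus'
+
+strategy:
+fail-fast: false
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+with:
+fetch-depth: 1
+ref: main
+- name: Setup Java JDK
+uses: actions/setup-java@v3
+with:
+distribution: temurin
+java-version: 11
+
+
+- name: Build Java
+run: ./mvnw -B --settings .github/mvn-settings.xml -Dquickly-ci install
+
+- name: Perform OWASP Dependency Check Report
+run: ./mvnw site
+working-directory: ./extensions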
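Review bot: The workflow declares no `permissions:` block, so the scheduled job runs with the repository's default GITHUB_TOKEN scope although it only needs to read the checkout; add a top-level `permissions:` with `contents: read` to keep it at least privilege. The last step generates the report with `./mvnw site` under `./extensions` but nothing persists it, so the output is discarded with the runner — an `actions/upload-artifact` step, run with `if: always()` so a failing build still publishes whatever was produced, is needed for anyone to read the weekly result. `strategy: fail-fast: false` has no effect without a `matrix`, and `java-version: 11` is conventionally quoted as `'11'` so a generic YAML parser does not read it as an integer. The rendered page has dropped the file's indentation, so the fence below uses conventional nesting; verify the report path against what the `site` goal actually writes.
```yaml
name: "OWASP Dependency Check"

permissions:
  contents: read

# … unchanged: on/schedule, jobs.owasp header, checkout / setup-java / build steps …

      - name: Perform OWASP Dependency Check Report
        run: ./mvnw site
        working-directory: ./extensions

      - name: Upload OWASP report
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: owasp-dependency-check-report
          path: extensions/target/site/dependency-check-report.html
```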
25 changes: 0 additions & 25 deletions build-parent/pom.xml
Expand Up @@ -175,8 +175,6 @@

<!-- google cloud functions invoker-->
<gcf-invoker.version>1.1.1</gcf-invoker.version>
<owasp-dependency-check-plugin.version>8.1.2</owasp-dependency-check-plugin.version>

<!-- Jakarta JMS API -->
<jakarta.jms-api.version>3.1.0</jakarta.jms-api.version>
</properties>
Expand Down Expand Up @@ -713,18 +711,6 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${owasp-dependency-check-plugin.version}</version>
<configuration>
<!-- Disable Net Analyzer -->
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
<nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
Expand Down Expand Up @@ -1241,17 +1227,6 @@
</plugins>
</build>
</profile>
<profile>
<id>owasp-check</id>
<activation>
<property>
<name>owasp-check</name>
</property>
</activation>
<build>
<defaultGoal>dependency-check:check</defaultGoal>
</build>
</profile>
<profile>
<id>Windows</id>
<activation>
86 changes: 84 additions & 2 deletions pom.xml
Expand Up @@ -55,7 +55,8 @@
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.release>11</maven.compiler.release>
<maven.compiler.parameters>true</maven.compiler.parameters>

<maven-project-info-reports-plugin.version>3.4.2</maven-project-info-reports-plugin.version>

<graalvmHome>${env.GRAALVM_HOME}</graalvmHome>
<postgres.url>jdbc:postgresql:hibernate_orm_test</postgres.url>

Expand All @@ -66,6 +67,8 @@
<skipDocs>false</skipDocs>
<skip.gradle.tests>false</skip.gradle.tests>

<owasp-dependency-check-plugin.version>8.1.2</owasp-dependency-check-plugin.version>

<!-- Dependency versions -->
<jacoco.version>0.8.8</jacoco.version>
<kubernetes-client.version>6.4.1</kubernetes-client.version> <!-- Please check with Java Operator SDK team before updating -->
Expand Down Expand Up @@ -149,6 +152,18 @@
<artifactId>quarkus-platform-bom-maven-plugin</artifactId>
<version>${quarkus-platform-bom-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${owasp-dependency-check-plugin.version}</version>
<configuration>
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
<nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
</configuration>
</plugin>
</plugins>
</pluginManagement>
<extensions>
Expand Down Expand Up @@ -354,6 +369,73 @@
</plugins>
</build>
</profile>
<profile>
<id>owasp-check</id>
<activation>
<property>
<name>owasp-check</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${owasp-dependency-check-plugin.version}</version>
<configuration>
<!-- Disable Net Analyzer -->
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
<nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
</configuration>
</plugin>
</plugins>
<defaultGoal>org.owasp:dependency-check-maven:check</defaultGoal>
</build>
</profile>
<profile>
<id>owasp-report</id>
<activation>
<property>
<name>owasp-report</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
</plugin>
</plugins>
<defaultGoal>org.owasp:dependency-check-maven:aggregate</defaultGoal>
</build>
</profile>
</profiles>

<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>${maven-project-info-reports-plugin.version}</version>
<reportSets>
<reportSet>
<reports/>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<reportSets>
<reportSet>
<id>owasp-report</id>
<reports>
<report>aggregate</report>
</reports>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting>
</project>
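Review bot: The `owasp-check` profile re-declares the dependency-check plugin's `<version>` and four analyzer flags (the `<version>` through `</configuration>` lines in the last hunk) even though the same plugin is now managed in `<pluginManagement>` with those flags plus `nodeAnalyzerEnabled`; Maven merges the managed configuration into the profile's plugin entry, so the copy is redundant today but the two lists will drift, and the profile already lacks `nodeAnalyzerEnabled`. Drop the profile's `<version>` and `<configuration>` so it inherits from `<pluginManagement>` exactly as the `owasp-report` profile does, leaving only `<groupId>` and `<artifactId>`. Neither profile nor the managed configuration sets `failBuildOnCVSS`, so `dependency-check:check` in the `owasp-check` profile reports findings but does not fail the build; if that profile is meant to gate rather than only report, the threshold still needs configuring — presumably deliberate for a first scheduled-report rollout, but worth a `<!-- -->` comment stating so. The `<profiles>` element these profiles sit in opens before the hunk.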
