Skip to content
OWASP

Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.8.0 #664

Sign in to view logs

Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.8.0

Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.8.0 #664

Workflow file for this run

.github/workflows/owasp-dependency-check.yml at 463f97c
name: 'OWASP'
env:
MAVEN_OPTS: -Djava.awt.headless=true
on:
pull_request:
schedule:
- cron: "17 23 * * 0"
workflow_dispatch:
jobs:
owasp:
name: 'Dependency Check'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 11
cache: 'maven'
- name: 'OWASP Dependency Check'
continue-on-error: true
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: mvn -U install -DskipTests -DskipITs -Dmaven.test.skip=true org.owasp:dependency-check-maven:check -fae -B -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -DfailBuildOnCVSS=5
- name: 'Upload result to GitHub Code Scanning'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: target/dependency-check-report.sarif
- name: 'Cleanup snapshots'
run: mvn clean build-helper:remove-project-artifact