owasp-dependency-check.yml
# SPDX-FileCopyrightText: 2024 LibreCode coop and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
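# Software-composition analysis for pull requests: runs OWASP Dependency-Check
# over the repository and publishes the HTML report as a build artifact.
name: "OWASP Dependency-Check"
on: pull_request

# Least privilege: the steps below only read the repository, so the workflow
# token is restricted to read-only contents instead of inheriting the
# repository or organisation default.
permissions:
  contents: read

jobs:
  dependency-check:
    # NOTE(review): while this guard is in place no dependency scan runs on
    # pull requests at all; track re-enabling it so the gap does not become
    # permanent.
    if: false  # temporarily disabled
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        # Pinned to a full commit SHA, so the code that runs cannot change
        # underneath this workflow.
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the workflow token in the local git config, where
          # the later third-party steps could read it.
          persist-credentials: false

      - name: Run OWASP Dependency-Check
        # NOTE(review): `@main` is a mutable branch ref, so whatever is pushed
        # there runs in this job. Pin to a reviewed commit like the checkout
        # step: `...@<full-commit-sha> # <version>`.
        uses: dependency-check/Dependency-Check_Action@main
        with:
          format: 'ALL'
          project: 'LibreSign'
          path: './'
          # --failOnCVSS 7 fails the step when a finding scores 7 or higher.
          # --enableRetired / --enableExperimental turn on additional
          # analyzers; expect more noise from the experimental ones.
          args: >
            --failOnCVSS 7
            --enableRetired
            --enableExperimental

      - name: Upload Dependency-Check report
        # Without this condition the upload is skipped whenever the scan step
        # fails on --failOnCVSS, which is exactly when the report is needed.
        if: always()
        # NOTE(review): `@master` is a mutable branch ref; pin to a reviewed
        # commit: `...@<full-commit-sha> # <version>`.
        uses: actions/upload-artifact@master
        with:
          name: dependency-check-report
          # NOTE(review): confirm this matches the location the scan step
          # writes its reports to; a mismatch only produces a warning and an
          # empty artifact.
          path: dependency-check-report.html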