From 80bcd9eb2d18f64e5c4238660d9af9faadc445b3 Mon Sep 17 00:00:00 2001
From: Vanye Wadawasina
Date: Thu, 30 Jan 2025 09:59:32 -0800
Subject: [PATCH 1/5] dependency check testing
---
 .github/workflows/dependency-check.yml | 59 ++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 .github/workflows/dependency-check.yml
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
new file mode 100644
index 00000000..b340f366
--- /dev/null
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,59 @@
+name: Dependency Security Scan
+
+on:
+ pull_request:
+ branches:
+ - master
+ - develop
+
+jobs:
+ dependency-check:
+ name: OWASP Dependency Check
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ ## 🔹 Java 8 (Spring Boot) Dependency Check
+ - name: Set up JDK 8
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '8'
+
+ - name: Run OWASP Dependency Check for Java (Spring Boot)
+ uses: dependency-check/Dependency-Check_Action@main
+ with:
+ project: "VulnerableApp Java Dependencies"
+ path: "./"
+ format: "HTML"
+ output: "dependency-check-report"
+ failOnCVSS: 7 # Fail build if vulnerabilities CVSS >= 7
+
+ - name: Upload Java Dependency Check Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: Java-Dependency-Check-Report
+ path: dependency-check-report
+
+ ## 🔹 ReactJS / JavaScript / TypeScript Dependency Check
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install Dependencies
+ run: npm install
+
+ - name: Run NPM Audit (Detect Vulnerabilities)
+ run: npm audit --audit-level=high || true # Ensures it doesn't fail the pipeline
+
+ - name: Save NPM Audit Report
+ run: npm audit --json > npm-audit-report.json
+
+ - name: Upload NPM Audit Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: NPM-Audit-Report
+ path: npm-audit-report.json
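Review bot: `uses: dependency-check/Dependency-Check_Action@main` pins the scanner to a mutable branch, so whatever that repository pushes next runs inside this job with access to the checked-out tree; pin it to a release tag or, better, a full commit SHA, as the other steps at least do with `@v4`/`@v3`. The reports are also lost exactly when they matter: `failOnCVSS: 7` fails the Java step and the following upload is skipped, and `npm audit --json > npm-audit-report.json` runs audit a second time without the `|| true`, so any finding at any level fails that step and the NPM upload never runs — add `if: always()` to both `upload-artifact` steps and `|| true` to the JSON step as well. The workflow declares no `permissions:`, so the job inherits the repository's default token scope although it only reads the tree; add `permissions:` / `  contents: read` at the top of the file. `npm install` executes every dependency's install scripts on the runner although `npm audit` only needs the lockfile; `npm ci --ignore-scripts` keeps the install reproducible and avoids running third-party scripts in CI. The same lines return verbatim in the PATCH 5/5 hunk, so each of these points applies there too.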
From ce21ccdd0e595dfad2ba84cc66f7c1ac62bc2c17 Mon Sep 17 00:00:00 2001
From: Vanye Wadawasina
Date: Thu, 30 Jan 2025 10:06:10 -0800
Subject: [PATCH 2/5] dependency check testing
---
 .github/workflows/dependency-check.yml | 76 ++++++++------------------
 1 file changed, 24 insertions(+), 52 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index b340f366..7ad09d21 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -1,59 +1,31 @@ -name: Dependency Security Scan +name: Security Check on: + push: + branches: [ main ] pull_request: - branches: - - master - - develop + branches: [ main ] jobs: - dependency-check: - name: OWASP Dependency Check + security: runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - ## 🔹 Java 8 (Spring Boot) Dependency Check - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '8' - - - name: Run OWASP Dependency Check for Java (Spring Boot) - uses: dependency-check/Dependency-Check_Action@main - with: - project: "VulnerableApp Java Dependencies" - path: "./" - format: "HTML" - output: "dependency-check-report" - failOnCVSS: 7 # Fail build if vulnerabilities CVSS >= 7 - - - name: Upload Java Dependency Check Report - uses: actions/upload-artifact@v4 - with: - name: Java-Dependency-Check-Report - path: dependency-check-report - - ## 🔹 ReactJS / JavaScript / TypeScript Dependency Check - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 18 - - - name: Install Dependencies - run: npm install - - - name: Run NPM Audit (Detect Vulnerabilities) - run: npm audit --audit-level=high || true # Ensures it doesn't fail the pipeline - - - name: Save NPM Audit Report - run: npm audit --json > npm-audit-report.json - - - name: Upload NPM Audit Report - uses: actions/upload-artifact@v4 - with: - name: NPM-Audit-Report - path: npm-audit-report.json + - uses: actions/checkout@v2 + + - name: Set up JDK + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + + - name: Run dependency check + run: ./gradlew dependencyCheckAnalyze + + - name: Upload dependency check report + uses: actions/upload-artifact@v2 + with: + name: dependency-check-report + path: build/reports/dependency-check-report.html \ No newline at end of file 
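Review bot: Every action in this hunk is pinned to an old major — `actions/checkout@v2`, `actions/setup-java@v2` and `actions/upload-artifact@v2` — which is a step back from the `@v4`/`@v3` pins of the previous patch; `upload-artifact@v2` in particular has been deprecated by GitHub, so the report upload is likely to stop working, and the older majors no longer receive fixes. `chmod +x gradlew` followed by `./gradlew dependencyCheckAnalyze` presumes a committed Gradle wrapper and the dependency-check Gradle plugin applied in the build file; neither is visible in this series, and without the plugin the task does not exist and the job fails before any report is produced, so this should be verified against the repository. The final upload step has no `if: always()`, so a failing analysis (the case that matters) leaves no report behind; add `if: always()` to the `Upload dependency check report` step. The file is also left without a trailing newline.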
From ed9930b7c37842b2c707bc90df5a84cb4cffa5e2 Mon Sep 17 00:00:00 2001
From: Vanye Wadawasina
Date: Thu, 30 Jan 2025 10:14:18 -0800
Subject: [PATCH 3/5] dependency check testing
---
 .github/workflows/dependency-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 7ad09d21..4a70c99f 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -4,7 +4,7 @@ on: push: branches: [ main ] pull_request: - branches: [ main ] + branches: [ develop ] jobs: security:
From 3d9d4b5eb396d8b59c7d873db8e75e418498af16 Mon Sep 17 00:00:00 2001
From: Vanye Wadawasina
Date: Thu, 30 Jan 2025 10:17:13 -0800
Subject: [PATCH 4/5] dependency check testing
---
 .github/workflows/dependency-check.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 4a70c99f..2f570a19 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -1,11 +1,10 @@ name: Security Check on: - push: - branches: [ main ] pull_request: - branches: [ develop ] - + branches: + - main + - develop jobs: security: runs-on: ubuntu-latest
From 2155cc68ad5a84695a7e787285c94b8e94eac125 Mon Sep 17 00:00:00 2001
From: Vanye Wadawasina
Date: Thu, 30 Jan 2025 10:18:28 -0800
Subject: [PATCH 5/5] dependency check testing
---
 .github/workflows/dependency-check.yml | 75 ++++++++++++++++++--------
 1 file changed, 52 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 2f570a19..d9913d61 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -1,30 +1,59 @@ -name: Security Check +name: Dependency Security Scan on: pull_request: branches: - - main - - develop + - main + - develop + jobs: - security: + dependency-check: + name: OWASP Dependency Check runs-on: ubuntu-latest + steps: - - uses: actions/checkout@v2 - - - name: Set up JDK - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Run dependency check - run: ./gradlew dependencyCheckAnalyze - - - name: Upload dependency check report - uses: actions/upload-artifact@v2 - with: - name: dependency-check-report - path: build/reports/dependency-check-report.html \ No newline at end of file + - name: Checkout code + uses: actions/checkout@v4 + + ## 🔹 Java 8 (Spring Boot) Dependency Check + - name: Set up JDK 8 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '8' + + - name: Run OWASP Dependency Check for Java (Spring Boot) + uses: dependency-check/Dependency-Check_Action@main + with: + project: "VulnerableApp Java Dependencies" + path: "./" + format: "HTML" + output: "dependency-check-report" + failOnCVSS: 7 # Fail build if vulnerabilities CVSS >= 7 + + - name: Upload Java Dependency Check Report + uses: actions/upload-artifact@v4 + with: + name: Java-Dependency-Check-Report + path: dependency-check-report + + ## 🔹 ReactJS / JavaScript / TypeScript Dependency Check + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 18 + + - name: Install Dependencies + run: npm install + + - name: Run NPM Audit (Detect Vulnerabilities) + run: npm audit --audit-level=high || true # Ensures it doesn't fail the pipeline + + - name: Save NPM Audit Report + run: npm audit --json > npm-audit-report.json + + - name: Upload NPM Audit Report + uses: actions/upload-artifact@v4 + with: + name: NPM-Audit-Report + path: npm-audit-report.json
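Review bot: `pull_request` is the only trigger left in the `on:` block, so the scan runs just when a PR targets `main` or `develop`; an advisory published later against a dependency that nobody touches is never reported, which defeats the purpose of a dependency scanner. Add a `schedule:` trigger, for example `schedule:` / `  - cron: '0 6 * * 1'` (a constructed weekly slot), and optionally `workflow_dispatch:` so the job can be run on demand; the `failOnCVSS: 7` gate is then exercised against the current branch heads as well as against PRs. The unquoted `node-version: 18` parses as an integer and happens to work, but quoting it (`node-version: '18'`) matches the quoted `java-version: '8'` above and avoids the float trap if a minor version is ever added.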