1- name : CVE Scanning for Maven
1+ name : CVE Scanning for Maven Projects
22
33on :
44 workflow_dispatch :
@@ -22,20 +22,24 @@ jobs:
2222 matrix :
2323 java-version : [ '21' ]
2424 module-folder : [
25- ' translator'
25+ ' translator' ,
26+ ' calm-hub'
2627 ]
2728 steps :
2829 - name : Checkout
2930 uses : actions/checkout@v4
31+
3032 - name : Setup JDK
3133 uses : actions/setup-java@v4
3234 with :
3335 java-version : ${{ matrix.java-version }}
3436 cache : maven
3537 distribution : ' adopt'
38+
3639 - name : Build with Maven
37- run : mvn clean install -Dmaven.test.skip=true
40+ run : mvn -DskipTests verify
3841 working-directory : ${{ matrix.module-folder }}
42+
3943 - name : Depcheck
4044 uses : dependency-check/Dependency-Check_Action@main
4145 id : Depcheck
@@ -45,15 +49,20 @@ jobs:
4549 project : ' ${{ matrix.module-folder }}'
4650 path : ' ${{ matrix.module-folder }}'
4751 format : ' HTML'
48- out : ' ${{ matrix.module-folder }}-reports' # this is the default, no need to specify unless you wish to override it
52+ out : ' ${{ matrix.module-folder }}-reports'
4953 args : >
50- --suppression .github/maven-cve-ignore-list.xml
51- --failOnCVSS 5
52- --enableRetired
54+ --suppression .github/maven-cve-ignore-list.xml
55+ --failOnCVSS 5
56+ --enableRetired
57+ --exclude "**/package.json"
58+ --exclude "**/package-lock.json"
59+ --disableNodeAudit
60+ --disableYarnAudit
61+ --disableRetireJS
5362
5463 - name : Upload Test results
5564 if : ${{ always() }}
5665 uses : actions/upload-artifact@v4
5766 with :
5867 name : Depcheck report ${{ github.job }} ${{ matrix.module-folder }}
59- path : ${{ github.workspace }}/${{ matrix.module-folder }}-reports
68+ path : ${{ github.workspace }}/${{ matrix.module-folder }}-reports
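Review bot: The new `--exclude "**/package.json"`, `--exclude "**/package-lock.json"`, `--disableNodeAudit`, `--disableYarnAudit` and `--disableRetireJS` arguments in the Depcheck step narrow what this CVE gate inspects, and nothing in the workflow says why. With `calm-hub` added to the matrix in the same commit, any npm dependencies that live under a scanned module folder can no longer trip `--failOnCVSS 5` in this job. I would add a comment above `args`, for example `# JavaScript manifests are skipped: this job gates Maven dependencies only; npm dependencies are scanned by <name of the workflow that covers them>`, and if no such workflow exists, drop these exclusions rather than leave those dependencies unscanned. Separately, the unchanged `uses: dependency-check/Dependency-Check_Action@main` line follows a branch head while the other actions use `@v4`; pinning it to a reviewed commit (`@<full-commit-sha>`) would keep the scanner itself from changing underneath the gate.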