Add Build Backend Module CI and OWASP dependency check #522
wikumChamith wants to merge 1 commit into openmrs:master
wikumChamith commented Feb 16, 2026
- Add OWASP dependency check workflow and integrate it into the CI pipeline
- Fix ChromeHeadless sandbox issue in GitHub Actions by switching to a custom ChromeHeadlessNoSandbox launcher
- Disable Node Audit Analyzer due to incompatible npm-shrinkwrap.json
| @@ -0,0 +1,86 @@ | |||
| name: OWASP Dependency Check | |||
|
|
|||
| on: | |||
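Review bot: the file header `@@ -0,0 +1,86 @@` puts a full 86-line `OWASP Dependency Check` workflow inside this module, so any other module that needs the same scan would carry its own copy to keep in sync by hand. Consider moving the job into a shared reusable workflow and keeping only a short caller here, and add a comment above `name:` stating what the scan covers.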
Are we going to duplicate this in every module?
Nope. We can simplify this after the PR in the openmrs/openmrs-contrib-gha-workflows gets merged.
```yaml
name: Build with Maven

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

jobs:
  build:
    uses: openmrs/openmrs-contrib-gha-workflows/.github/workflows/build-backend-module.yml@main
    with:
      java_versions: '[8, 11, 17, 21]'
      main_java_version: '8'
    secrets:
      NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
```
@dkayiwa My goal here was to have a smaller blast radius to look at the effects this will have. My concern is that there will be vulnerable dependencies marked in this module, but which are included as part of openmrs-core and not directly as part of this module. This is a useful testbed because coreapps literally has no dependencies that it bundles itself, so everything is transitive and should be excluded.
@wikumChamith However, can we inline this so that the build can be done on the PR? That way we don't need to merge this in to get a result.
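The concern raised in this thread, that a scan of this module will flag dependencies that openmrs-core supplies rather than ones the module bundles itself, can be checked by splitting findings by Maven scope. The following is an added example, not code from the PR or from OpenMRS; it assumes `mvn dependency:tree` text output, assumes platform-supplied dependencies carry `provided` scope, and uses constructed coordinates and finding ids.

```python
# Added example: placeholder coordinates and finding ids, all constructed.
SCOPES = {"compile", "runtime", "provided", "test", "system"}
# Assumption: only compile/runtime dependencies are packaged with the module;
# "provided" ones are supplied by the platform it is deployed into.
BUNDLED = {"compile", "runtime"}

TREE = r"""
[INFO] org.example.module:demo-omod:jar:1.0.0
[INFO] +- org.example.platform:platform-api:jar:2.0.0:provided
[INFO] |  +- org.example.libs:xml-parser:jar:1.1:provided
[INFO] |  \- org.example.libs:logging:jar:tests:3.2:provided
[INFO] +- org.example.libs:csv-writer:jar:0.9:compile
[INFO] \- org.example.libs:test-kit:jar:4.0:test
"""

FINDINGS = [
    {"artifact": "org.example.libs:xml-parser", "id": "EXAMPLE-0001"},
    {"artifact": "org.example.libs:csv-writer", "id": "EXAMPLE-0002"},
    {"artifact": "org.example.libs:not-in-tree", "id": "EXAMPLE-0003"},
]


def parse_tree(text):
    """Return {'groupId:artifactId': scope} for each non-root tree node."""
    scopes = {}
    for line in text.splitlines():
        tokens = line.replace("[INFO]", "", 1).lstrip(" |+\\-").split()
        parts = tokens[0].split(":") if tokens else []
        # Nodes are g:a:type[:classifier]:version:scope; the root has no scope.
        if len(parts) >= 5 and parts[-1] in SCOPES:
            scopes[f"{parts[0]}:{parts[1]}"] = parts[-1]
    return scopes


def triage(findings, scopes):
    """Split findings by who ships the artifact; unknowns go to review."""
    out = {"bundled": [], "platform": [], "review": []}
    for f in findings:
        scope = scopes.get(f["artifact"])
        if scope in BUNDLED:
            out["bundled"].append(f["id"])
        elif scope == "provided":
            out["platform"].append(f["id"])
        else:  # not in the tree, or test/system scope: never drop silently
            out["review"].append(f["id"])
    return out


if __name__ == "__main__":
    print(triage(FINDINGS, parse_tree(TREE)))
```

Findings in the `platform` bucket still matter for the deployed system; the split only shows which project has to ship the fix.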