forked from WebGoat/WebGoat
wb-sca.yml
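---
# Manually triggered workflow: builds the project with Maven, then runs a
# privately hosted dependency-check image against the checked-out workspace.
# NOTE(review): the env var names passed to the container suggest it e-mails
# the HTML report through SendGrid; confirm against the image's documentation.
#
# NOTE(review): the third-party actions below are referenced by mutable
# major-version tags (@v2/@v3). Pinning each one to a full commit SHA prevents
# a re-pointed tag from running unreviewed code with access to the secrets.
name: WaterBoa Software Composition Analysis

on:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository
# for checkout. Registry and mail credentials come from repository secrets.
permissions:
  contents: read

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      - name: Login to ACR
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.ACR_GUAYOYO_URL }}
          username: ${{ secrets.ACR_GUAYOYO_USER }}
          password: ${{ secrets.ACR_GUAYOYO_TOKEN }}

      - uses: actions/checkout@v3

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          # Quoted so the version is always read as a string, never a number.
          java-version: '17'
          architecture: x64

      - name: Pull image from docker
        # The registry host is passed through the environment instead of being
        # expanded into the script text by the expression engine.
        env:
          REGISTRY: ${{ secrets.ACR_GUAYOYO_URL }}
        # Tag is explicit so this step pulls the same reference the run step
        # uses. ':latest' is mutable; prefer an immutable digest
        # (@sha256:<digest>) once one is published for this image.
        run: docker pull "${REGISTRY}/wb-sca-dependencycheck-java:latest"

      # Compile project, so we can analyze project content and dependencies
      - name: Compile Project
        run: mvn clean package -DskipTests

      - name: Run image from docker
        # Secrets are scoped to this step only and handed to the shell as
        # environment variables. Expanding '${{ secrets.* }}' directly inside
        # the command would paste the raw values into the script text, where a
        # quote character in a value breaks the command line and the values
        # end up in the docker CLI's argument list.
        env:
          REGISTRY: ${{ secrets.ACR_GUAYOYO_URL }}
          SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY }}
          FROM_ADDR: ${{ secrets.WB_MAIL_FROM }}
          TO_ADDR: ${{ secrets.WB_MAIL_TO }}
        # '-e NAME' with no value forwards NAME from this step's environment
        # into the container. Non-secret literals stay inline, unchanged.
        run: |
          docker run --rm \
            -e SENDGRID_API_KEY \
            -e FROM_ADDR \
            -e TO_ADDR \
            -e MAIL_SJT='Software Composition Analysis' \
            -e MAIL_BODY='SCA Results' \
            -e FILE_PATH='/report/dependency-check-report.html' \
            -e ATCH_TYPE='text/html' \
            -e ATCH_NAME='webgoat-dependency-check-report.html' \
            -e ATCH_ID='001' \
            -e ATCH_DISP='' \
            -v "${GITHUB_WORKSPACE}:/src" \
            "${REGISTRY}/wb-sca-dependencycheck-java:latest"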