From ca3a434fd4babf02e17740cb4ef239fe10d12d01 Mon Sep 17 00:00:00 2001
From: 133tosakarin <2326884052@qq.com>
Date: Mon, 2 Dec 2024 10:17:03 +0800
Subject: [PATCH] dependency-check
---
 .github/workflows/vulnerability-scanning.yml | 62 ++++++++++++++++++++
 pom.xml | 6 +-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/vulnerability-scanning.yml
diff --git a/.github/workflows/vulnerability-scanning.yml b/.github/workflows/vulnerability-scanning.yml
new file mode 100644
index 000000000000..a92bac71de16
--- /dev/null
+++ b/.github/workflows/vulnerability-scanning.yml
@@ -0,0 +1,62 @@
+name: Weekly Check
+on:
+ schedule:
+ # Run at UTC 19:00 every day (CST 03:00 AM)
+ - cron: '0 0 * * 0'
+ push:
+ branches:
+ - master
+ - 'rel/*'
+ - "rc/*"
+ paths-ignore:
+ - 'docs/**'
+ - 'site/**'
+ pull_request:
+ branches:
+ - master
+ - 'rel/*'
+ - "rc/*"
+ paths-ignore:
+ - 'docs/**'
+ - 'site/**'
+ # allow manually run the action:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
+ MAVEN_ARGS: --batch-mode --no-transfer-progress
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ dependency-check:
+ strategy:
+ fail-fast: false
+ max-parallel: 15
+ matrix:
+ java: [ 17 ]
+ os: [ ubuntu-latest ]
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: corretto
+ java-version: ${{ matrix.java }}
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2-
+ - name: Do the dependency-check:check
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:check
+ - name: Do the dependency-check:aggregate
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:aggregate
diff --git a/pom.xml b/pom.xml
index 69d2ed5bcfa5..0e621ead9b78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -713,6 +713,11 @@
 error_prone_annotations 2.18.0
+
+ org.owasp
+ dependency-check-maven
+ 11.1.0
+
 org.apache.maven.plugins maven-surefire-plugin
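Review bot: The two `dependency-check` steps at the end of the hunk neither fail the job on findings nor keep the report: the plugin's default `failBuildOnCVSS` (11) means no CVE fails the build, and nothing uploads the generated `target/dependency-check-report.html`, so a scheduled run that finds a vulnerable dependency still goes green and leaves no artifact behind. The scheduling comment also disagrees with the cron below it — `'0 0 * * 0'` fires at 00:00 UTC on Sundays, not daily at 19:00 — so it should read `# Run weekly at 00:00 UTC on Sunday (CST 08:00 Sunday)`. The job runs with the default GITHUB_TOKEN permissions although it only checks out the repository; a top-level `permissions:` block with `contents: read` limits what a compromised step or action could do. Since dependency-check 9 the NVD feed download is heavily rate-limited without an API key, so the mvn invocation should pass `-DnvdApiKey` from a repository secret (name below is a placeholder to be created); the same `failBuildOnCVSS`/`nvdApiKey` settings could instead live in the plugin `<configuration>` added in the pom.xml hunk.
```yaml
name: Weekly Check
# … unchanged: on:, concurrency:, env: …
permissions:
  contents: read

# … unchanged: jobs, strategy, checkout / setup-java / cache steps …
      # NVD_API_KEY_PLACEHOLDER: replace with the name of the repository secret holding the NVD API key
      - name: Do the dependency-check:aggregate
        shell: bash
        run: mvn org.owasp:dependency-check-maven:aggregate -DfailBuildOnCVSS=7 -DnvdApiKey=${{ secrets.NVD_API_KEY_PLACEHOLDER }}
      - name: Upload dependency-check report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-report
          path: '**/target/dependency-check-report.html'
```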
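Review bot: The new `dependency-check-maven` entry declares only coordinates and `11.1.0`, while the workflow invokes the goals as `org.owasp:dependency-check-maven:check` with no version; Maven honours this version only if the entry sits under `<pluginManagement>`, otherwise it resolves the latest plugin from the plugin repositories and the pin here has no effect. The surrounding context (`error_prone_annotations 2.18.0`, `maven-surefire-plugin`) has its XML tags stripped in this rendering, so which element encloses the entry cannot be confirmed from the hunk. Worth adding a `<configuration>` with `<failBuildOnCVSS>` and `<nvdApiKey>${nvd.api.key}</nvdApiKey>` (property name constructed) here so every invocation gets the same policy without command-line flags. The enclosing `<plugins>` or `<dependencies>` element starts and ends outside the hunk.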