Skip to content

OWASP dependency check (daily) #833

OWASP dependency check (daily)

OWASP dependency check (daily) #833

# the benefit of this over dependabot is that this also analyzes transitive dependencies
# while dependabot (at least currently) only analyzes top-level dependencies
name: OWASP dependency check (daily)
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- uses: gradle/gradle-build-action@v3
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
with:
arguments: ":agent:agent:dependencyCheckAnalyze"
- name: Upload report
if: always()
uses: actions/upload-artifact@v4
with:
path: agent/agent/build/reports
scheduled-job-notification:
permissions:
issues: write
needs:
- analyze
if: always()
uses: ./.github/workflows/reusable-scheduled-job-notification.yml
with:
success: ${{ needs.analyze.result == 'success' }}