[#1560] SECURITY: Validate Gradle Wrapper

Closes #1560
remkop · Jan 31, 2022 · 8adcd23 · 8adcd23
1 parent 22c2d94
commit 8adcd23
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -48,6 +48,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
 
+      - name: Validate Gradle Wrapper
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b # v1
+
       - name: Configure JDK ${{ matrix.java-version }}
         uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf # v2
         with:

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -55,6 +55,7 @@ Picocli follows [semantic versioning](http://semver.org/).
 * [#1556][#1557] SECURITY: Fix code scanning alert - SAST
 * [#1558] SECURITY: Fix code scanning alert - Pinned-Dependencies in codeql-analysis.yml
 * [#1559] SECURITY: Fix code scanning alert - Token-Permissions in codeql-analysis.yml
+* [#1560] SECURITY: Fix code scanning alert - Binary-Artifacts - Validate Gradle Wrapper
 * [#1491] BUILD: Add build job in CI; Thanks to [Goooler](https://github.com/Goooler) for the pull request.
 * [#1482] BUILD: Optimize gradle; Thanks to [Goooler](https://github.com/Goooler) for the pull request.
 * [#1461] BUILD: Allow publishing without signing for non-release versions. Thanks to [Andreas Deininger](https://github.com/deining) for raising this.