Original file line number Diff line number Diff line change 4343 mvn \
4444 --no-transfer-progress \
4545 --batch-mode ${{ inputs.mvn-options }} \
46- clean compile ${{ inputs.mvn-args }}
46+ clean compile site ${{ inputs.mvn-args }}
47+
48+ - name : Upload SBOM
49+ uses : actions/upload-artifact@v3
50+ with :
51+ name : bom.json
52+ path : ' target/bom.json'
4753
4854 test-coverage :
4955 runs-on : ubuntu-20.04
6773
6874 - name : Upload code coverage
6975 uses : codecov/codecov-action@v3
76+
77+ scan :
78+ name : Scan with Trivy
79+ needs : build
80+ runs-on : ubuntu-latest
81+ steps :
82+ - uses : actions/checkout@v3
83+ - name : Install Trivy CLI
84+ run : |
85+ wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
86+ sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
87+ - uses : actions/download-artifact@v3
88+ with :
89+ name : bom.json
90+ - name : Run Trivy with SBOM
91+ run : trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
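Review bot: The `Install Trivy CLI` step fetches a `.deb` with `wget` and installs it as root with `sudo dpkg -i` without checking its integrity, so the security gate trusts whatever that URL serves at run time. Pin the expected digest and verify it before installing, for example `echo "<SHA256_FROM_V0.39.1_RELEASE_CHECKSUMS>  trivy_0.39.1_Linux-64bit.deb" | sha256sum --check` between the two commands (the digest is a placeholder to fill in from the release). The same two-line install is repeated in the `scan` jobs of the other three workflows in this commit. No `permissions:` key is visible on the job either. If none is set at workflow level, adding `permissions:` with `contents: read` to `scan` would limit what the token can do while a downloaded binary runs.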
Original file line number Diff line number Diff line change 5454 - name : Upload code coverage
5555 uses : codecov/codecov-action@v3
5656
57+ scan :
58+ name : Scan with Trivy
59+ needs : build
60+ runs-on : ubuntu-latest
61+ steps :
62+ - uses : actions/checkout@v3
63+ - name : Install Trivy CLI
64+ run : |
65+ wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
66+ sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
67+ - uses : actions/download-artifact@v3
68+ with :
69+ name : bom.json
70+ - name : Run Trivy with SBOM
71+ run : trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
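Review bot: The added `scan` job downloads an artifact named `bom.json`, but this file's changes add neither an `Upload SBOM` step nor the `site` goal that the other workflows in this commit use to produce it. Unless the `build` job, which lies outside the visible lines, already uploads that artifact (for instance by calling a shared workflow), `actions/download-artifact@v3` will fail and the Trivy check never actually runs. Confirm where the SBOM comes from and record it next to the download step, e.g. `# bom.json is uploaded by the build job via <shared workflow name>`. If `build` does delegate to a workflow that already has its own `scan` job, this job would scan the same SBOM a second time.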
Original file line number Diff line number Diff line change 4848 run : npm run validate
4949
5050 - name : Build server jar
51- run : mvn --batch-mode clean package -f pom.xml -P="server"
51+ run : mvn --batch-mode clean package site -f pom.xml -P="server"
5252
5353 - name : Build client jar
54- run : mvn --batch-mode clean package -f pom.xml -P="client"
54+ run : mvn --batch-mode clean package site -f pom.xml -P="client"
5555
56+ scan :
57+ name : Scan with Trivy
58+ needs : bundle
59+ runs-on : ubuntu-latest
60+ steps :
61+ - uses : actions/checkout@v3
62+ - name : Install Trivy CLI
63+ run : |
64+ wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
65+ sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
66+ - uses : actions/download-artifact@v3
67+ with :
68+ name : bom.json
69+ - name : Run Trivy with SBOM
70+ run : trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
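Review bot: Both jar builds now run `clean package site`, so the client build's `clean` deletes the `target/` directory that held the server profile's SBOM, and at most the client profile's `bom.json` is left to scan. This section also adds no upload step, so the `scan` job's `download-artifact` has nothing named `bom.json` to fetch unless it is uploaded outside the visible lines. If the two profiles resolve different dependencies (not visible here), the server jar ships unscanned while the gate reports green. Upload the SBOM after each build under a distinct artifact name and scan both, along the lines below.

```yaml
      - name: Build server jar
        run: mvn --batch-mode clean package site -f pom.xml -P="server"
      - name: Upload server SBOM
        uses: actions/upload-artifact@v3
        with:
          name: bom-server
          path: target/bom.json
          if-no-files-found: error
      # … unchanged: Build client jar …
      - name: Upload client SBOM
        uses: actions/upload-artifact@v3
        with:
          name: bom-client
          path: target/bom.json
          if-no-files-found: error
      # … scan job: download bom-server and bom-client into separate
      #   directories and run `trivy sbom` on each file …
```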
Original file line number Diff line number Diff line change 3636 echo "::set-output name=SHA_7::${GITHUB_SHA::7}"
3737 id : commit_info
3838 - name : Build package
39- run : mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" clean compile -f pom.xml
39+ run : mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" clean compile site -f pom.xml
4040
41+ - name : Upload SBOM
42+ uses : actions/upload-artifact@v3
43+ with :
44+ name : bom.json
45+ path : ' target/bom.json'
46+
47+ scan :
48+ name : Scan with Trivy
49+ needs : build
50+ runs-on : ubuntu-latest
51+ steps :
52+ - uses : actions/checkout@v3
53+ - name : Install Trivy CLI
54+ run : |
55+ wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
56+ sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
57+ - uses : actions/download-artifact@v3
58+ with :
59+ name : bom.json
60+ - name : Run Trivy with SBOM
61+ run : trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
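Review bot: The `Upload SBOM` step succeeds with only a warning when `target/bom.json` does not exist, because `actions/upload-artifact@v3` defaults to `if-no-files-found: warn`. A build that stops producing the SBOM would then surface later as a confusing download failure in `scan` instead of failing where the problem is. Add `if-no-files-found: error` under `with:`. The path is rendered as `' target/bom.json'` with a leading space inside the quotes. If that space is in the file and not an artifact of this page, drop it. The same upload step appears in the first workflow of this commit.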