From 4753c6752f7d8ba95202703850bd96be2e5e89c9 Mon Sep 17 00:00:00 2001
From: Jonas Israel
Date: Tue, 23 Sep 2025 11:56:28 +0200
Subject: [PATCH 1/5] add oss Index credentials

---
 .github/workflows/fosstars-report.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fosstars-report.yml b/.github/workflows/fosstars-report.yml
index f3de0ab6c..c5bc0fa39 100644
--- a/.github/workflows/fosstars-report.yml
+++ b/.github/workflows/fosstars-report.yml
@@ -44,8 +44,11 @@ jobs:
       - name: "CVE Scan"
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-        run: |
-          mvn -T1 --no-transfer-progress --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
+        run: >
+          mvn -T1 --no-transfer-progress
+          --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
+          --ossIndexUsername "${{ secrets.OSS_INDEX_USERNAME }}"
+          --ossIndexPassword "${{ secrets.OSS_INDEX_PASSWORD }}"
 
       - name: "Archive CVE Report"
         uses: actions/upload-artifact@v4

From beded3a2ffc152b326f175de10fbfde7a83b368d Mon Sep 17 00:00:00 2001
From: Jonas Israel
Date: Tue, 23 Sep 2025 12:10:08 +0200
Subject: [PATCH 2/5] try using env variables

---
 .github/workflows/fosstars-report.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/fosstars-report.yml b/.github/workflows/fosstars-report.yml
index c5bc0fa39..7754d9d33 100644
--- a/.github/workflows/fosstars-report.yml
+++ b/.github/workflows/fosstars-report.yml
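Review bot: The added `--ossIndexUsername "${{ secrets.OSS_INDEX_USERNAME }}"` and `--ossIndexPassword "${{ secrets.OSS_INDEX_PASSWORD }}"` lines expand both secrets into the shell script text before bash runs it, so a password containing `"`, `$` or a backtick breaks the command or is reinterpreted, and both values also end up in the mvn process's argv, which any other process on the runner can read. Passing them through the step's existing `env:` block and referencing `"$OSS_INDEX_PASSWORD"` in the command keeps the values out of the script text; the next patch in this series does move them to `env:`, which addresses the interpolation part. The switch to a folded `>` scalar joins the four lines into one command, which works here only because none of the lines ends in a backslash or a trailing comment.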
@@ -44,11 +44,10 @@ jobs:
       - name: "CVE Scan"
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-        run: >
-          mvn -T1 --no-transfer-progress
-          --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
-          --ossIndexUsername "${{ secrets.OSS_INDEX_USERNAME }}"
-          --ossIndexPassword "${{ secrets.OSS_INDEX_PASSWORD }}"
+          ODC_OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
+          ODC_OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
+        run: |
+          mvn -T1 --no-transfer-progress --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
 
       - name: "Archive CVE Report"
         uses: actions/upload-artifact@v4

From 0457b937515cb312e245c9e8f187a226ceb8e804 Mon Sep 17 00:00:00 2001
From: Jonas Israel
Date: Tue, 23 Sep 2025 14:08:18 +0200
Subject: [PATCH 3/5] use settings xml

---
 .github/workflows/fosstars-report.yml | 31 +++++++++++++++------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/fosstars-report.yml b/.github/workflows/fosstars-report.yml
index 7754d9d33..2541877e6 100644
--- a/.github/workflows/fosstars-report.yml
+++ b/.github/workflows/fosstars-report.yml
@@ -41,13 +41,16 @@ jobs:
           MVN_ARGS="${{ env.MVN_MULTI_THREADED_ARGS }} clean install -DskipTests -DskipFormatting"
           mvn $MVN_ARGS
 
+      - name: "Create settings.xml"
+        run: |
+          echo '${{ secrets.OSS_INDEX_SETTINGS_XML }}' > settings.xml
+
       - name: "CVE Scan"
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-          ODC_OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
-          ODC_OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
-        run: |
-          mvn -T1 --no-transfer-progress --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
+        run: >
+          mvn -T1 --no-transfer-progress -s settings.xml
+          --batch-mode org.owasp:dependency-check-maven:check org.owasp:dependency-check-maven:aggregate
 
       - name: "Archive CVE Report"
         uses: actions/upload-artifact@v4
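Review bot: The two new `ODC_OSS_INDEX_USERNAME` and `ODC_OSS_INDEX_PASSWORD` entries under `env:` only help if dependency-check-maven actually reads variables of those names, and nothing on this page shows that it does — the next commit in the series drops them again in favour of a settings.xml, which suggests the lookup was not honoured. Moving the credentials out of the interpolated `run:` text and into `env:` is the right shape, so if the env route is kept, the scan log should be checked for an authenticated OSS Index request rather than a silent unauthenticated run. With the command back on a single line, `run: mvn -T1 …` without the `|` block scalar would be equivalent and shorter.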
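Review bot: `echo '${{ secrets.OSS_INDEX_SETTINGS_XML }}' > settings.xml` expands the entire XML secret into the shell script before bash parses it, so any single quote inside the settings (a password containing `'`, an XML comment with an apostrophe) terminates the quoted string and the remainder is executed as shell; the safe form is to pass the secret through `env:` and write it with `printf`. The file is also created with the runner's default permissions and is never removed, so a later step or an over-broad artifact upload can pick it up; `umask 077` at creation, or deleting it after the scan, narrows that. The "Archive CVE Report" step that follows starts in this hunk but its `with:` block lies outside it, so I could not confirm whether its upload path could include settings.xml.

```yaml
      - name: "Create settings.xml"
        env:
          OSS_INDEX_SETTINGS_XML: ${{ secrets.OSS_INDEX_SETTINGS_XML }}
        run: |
          umask 077
          printf '%s\n' "$OSS_INDEX_SETTINGS_XML" > settings.xml
```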
@@ -79,13 +82,13 @@ jobs:
           report-branch: fosstars-report
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: "Slack Notification"
-        if: failure()
-        uses: slackapi/slack-github-action@v2.1.1
-        with:
-          webhook: ${{ secrets.SLACK_WEBHOOK }}
-          webhook-type: incoming-webhook
-          payload: |
-            {
-              "text": "⚠️ OWASP Dependency check failed! 😬 Please inspect & fix by clicking "
-            }
+#      - name: "Slack Notification"
+#        if: failure()
+#        uses: slackapi/slack-github-action@v2.1.1
+#        with:
+#          webhook: ${{ secrets.SLACK_WEBHOOK }}
+#          webhook-type: incoming-webhook
+#          payload: |
+#            {
+#              "text": "⚠️ OWASP Dependency check failed! 😬 Please inspect & fix by clicking "
+#            }

From 15689772d3e0f6afc90a58d3a87ff83ab71de954 Mon Sep 17 00:00:00 2001
From: Jonas Israel
Date: Tue, 23 Sep 2025 14:23:13 +0200
Subject: [PATCH 4/5] use settings xml

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 274c2c80c..dd1a47442 100644
--- a/pom.xml
+++ b/pom.xml
@@ -780,6 +780,7 @@ https://gitbox.apache.org/repos/asf?p=maven-pmd-plugin.git;a=blob_plain;f=src/ma
 ${project.rootdir}/.pipeline/dependency-check-suppression.xml
 46
 true
+ossindex

From 7fc5fbef2bd6847e28eacbbc1f210c8231acd99a Mon Sep 17 00:00:00 2001
From: Jonas Israel
Date: Tue, 23 Sep 2025 14:35:11 +0200
Subject: [PATCH 5/5] re-enable Slack

---
 .github/workflows/fosstars-report.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/fosstars-report.yml b/.github/workflows/fosstars-report.yml
index 2541877e6..fadd925db 100644
--- a/.github/workflows/fosstars-report.yml
+++ b/.github/workflows/fosstars-report.yml
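Review bot: The added value `ossindex` in the dependency-check plugin configuration has to match the `<id>` of a `<server>` entry in the settings.xml that the workflow writes from the `OSS_INDEX_SETTINGS_XML` secret, and that coupling is invisible from the pom because the settings live in a secret nobody can diff. The element name itself is not visible on this page (the XML tags were stripped in rendering), so I am reading the purpose from the commit title. I would add a comment beside the new line, `<!-- must match the <server><id> in the CI settings.xml built from the OSS_INDEX_SETTINGS_XML secret -->`, so the next person who rotates the credential knows the two places that have to agree. The enclosing `<configuration>` block begins before and ends after this hunk.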
@@ -82,13 +82,13 @@ jobs:
           report-branch: fosstars-report
           token: ${{ secrets.GITHUB_TOKEN }}
 
-#      - name: "Slack Notification"
-#        if: failure()
-#        uses: slackapi/slack-github-action@v2.1.1
-#        with:
-#          webhook: ${{ secrets.SLACK_WEBHOOK }}
-#          webhook-type: incoming-webhook
-#          payload: |
-#            {
-#              "text": "⚠️ OWASP Dependency check failed! 😬 Please inspect & fix by clicking "
-#            }
+      - name: "Slack Notification"
+        if: failure()
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          webhook: ${{ secrets.SLACK_WEBHOOK }}
+          webhook-type: incoming-webhook
+          payload: |
+            {
+              "text": "⚠️ OWASP Dependency check failed! 😬 Please inspect & fix by clicking "
+            }
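Review bot: `if: failure()` on the re-enabled step fires when any earlier step in the job failed, including the Maven build that runs before the CVE scan, while the payload text attributes every failure to the dependency check; gating it on the scan step's outcome, `if: failure() && steps.cve_scan.outcome == 'failure'` with `id: cve_scan` added to the "CVE Scan" step (which lies outside this hunk), keeps the alert accurate. The message ends with `by clicking ` and nothing after it, so the link target appears to be missing unless the page stripped angle-bracket markup from the text. `slackapi/slack-github-action@v2.1.1` is pinned by a mutable tag; for a step that is handed the `SLACK_WEBHOOK` secret, pinning to the release's full commit SHA with the tag in a trailing comment is the usual hardening.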