Skip to content

CI workflow to check dependencies with OWASP #3021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eolivelli merged 2 commits into from
Feb 3, 2022
Merged

CI workflow to check dependencies with OWASP #3021

eolivelli merged 2 commits into from
Feb 3, 2022

Conversation

@dlg99
Copy link
Contributor

@dlg99 dlg99 commented Jan 27, 2022

Motivation

Detect CVEs early and make them visible to the committers

Changes

Added GH workflow that will fail if new CVE with level > 7 detected. The plan is to not treat it as blocking merge.
Currently some projects that will not pass the check until other pending PRs are merged.

@dlg99 dlg99 marked this pull request as draft January 27, 2022 19:06
nicoloboschi
nicoloboschi requested changes Jan 27, 2022
View reviewed changes
.github/workflows/owasp-dep-check.yml Outdated
with:
java-version: 1.8

- name: run "clean install verify" to trigger dependency check
Copy link
Contributor

@nicoloboschi nicoloboschi Jan 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gradle?

Copy link
Contributor Author

@dlg99 dlg99 Jan 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

.github/workflows/owasp-dep-check.yml Outdated
java-version: 1.8

- name: run "clean install verify" to trigger dependency check
run: ./gradlew clean build -x microbenchmarks:checkstyleMain -x spotbugsTest -x signDistTar -x test dependencyCheckAggregate
Copy link
Contributor

@nicoloboschi nicoloboschi Jan 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-x sptbugsTest and -x microbenchmarks:checkstyleMain are not necessary

Copy link
Contributor Author

@dlg99 dlg99 Jan 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@dlg99 dlg99 marked this pull request as ready for review February 3, 2022 00:42
@eolivelli eolivelli merged commit b8351cb into apache:master Feb 3, 2022
StevenLuMT pushed a commit to StevenLuMT/bookkeeper that referenced this pull request Feb 16, 2022
@dlg99 @StevenLuMT
CI workflow to check dependencies with OWASP (apache#3021)
8e0ad18
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
@dlg99
CI workflow to check dependencies with OWASP (apache#3021)
b49ff95
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicoloboschi nicoloboschi nicoloboschi requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dlg99 @nicoloboschi @eolivelli