Skip to content

OWASP dependency check (daily) #28

OWASP dependency check (daily)

OWASP dependency check (daily) #28

# the benefit of this over renovate is that this also analyzes transitive dependencies
# while renovate (at least currently) only analyzes top-level dependencies
name: OWASP dependency check (daily)
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- uses: gradle/gradle-build-action@v2
with:
arguments: "dependencyCheckAnalyze"
- name: Upload report
if: always()
uses: actions/upload-artifact@v3
with:
path: javaagent/build/reports