This is an automated email from the ASF dual-hosted git repository. gallardot pushed a commit to branch dev in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push: new d13abe6b26 [Chore] Improve owasp dependency check (#16305) d13abe6b26 is described below commit d13abe6b26ac6490ff132bb045215b6755f0b340 Author: xiangzihao <460888...@qq.com> AuthorDate: Fri Jul 12 16:13:06 2024 +0800 [Chore] Improve owasp dependency check (#16305) * improve owasp dependency check --- .github/workflows/backend.yml | 4 ++-- .github/workflows/owasp-dependency-check.yaml | 15 ++++++++++++--- .github/workflows/unit-test.yml | 4 ++-- pom.xml | 3 ++- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml index b9e707b879..52ccc6c431 100644 --- a/.github/workflows/backend.yml +++ b/.github/workflows/backend.yml @@ -67,7 +67,7 @@ jobs: with: submodules: true - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: ${{ matrix.java }} distribution: 'adopt' @@ -160,7 +160,7 @@ jobs: version: ["3.1.9", "3.2.0"] steps: - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: 8 distribution: 'adopt' diff --git a/.github/workflows/owasp-dependency-check.yaml b/.github/workflows/owasp-dependency-check.yaml index b4ee52c57d..dc6d02a4b3 100644 --- a/.github/workflows/owasp-dependency-check.yaml +++ b/.github/workflows/owasp-dependency-check.yaml @@ -22,7 +22,7 @@ on: branches: - '[0-9]+.[0-9]+.[0-9]+-prepare' - '[0-9]+.[0-9]+.[0-9]+-release' - pull_request: + pull_request_target: paths: - '**/pom.xml' env: @@ -30,6 +30,9 @@ env: jobs: build: + permissions: + contents: read + pull-requests: write runs-on: ubuntu-latest timeout-minutes: 120 steps: 
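Review bot: Changing the trigger of owasp-dependency-check.yaml from `pull_request` to `pull_request_target` makes this job run with the base repository's secrets and a writable `GITHUB_TOKEN` (the next hunk grants `pull-requests: write`) for pull requests from forks, which is only safe if the job never executes PR-controlled code. The job later runs `./mvnw -B clean install ...`, and the `paths: '**/pom.xml'` filter suggests the intent is to scan the PR's own dependency changes; if the checkout step (its `ref:` is not visible in this diff) is pointed at the PR head, a contributor can run arbitrary Maven plugins with those secrets, whereas if it stays on the base branch the PR's pom changes are never scanned, so the change is either unsafe or ineffective. Prefer keeping `pull_request:` (dependency-check still runs without an NVD key, only rate-limited) or, if the key must be used, split into an unprivileged `pull_request` job that builds and uploads the report and a separate `workflow_run` job that holds the token. Independently, no visible step needs `pull-requests: write`; drop it to `contents: read` only unless a later step in the file posts a PR comment.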
@@ -37,12 +40,18 @@ jobs: with: submodules: true - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: 8 distribution: 'adopt' - name: Run OWASP Dependency Check - run: ./mvnw -B clean install verify dependency-check:check -DskipDepCheck=false -Dmaven.test.skip=true -Dspotless.skip=true + run: | + ./mvnw -B clean install verify dependency-check:check \ + -DskipDepCheck=false \ + -Dmaven.test.skip=true \ + -Dspotless.skip=true + env: + NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }} - name: Upload report uses: actions/upload-artifact@v4 if: ${{ cancelled() || failure() }} diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index e4e413d216..24bfdabe02 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -66,7 +66,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: ${{ matrix.java }} distribution: 'adopt' @@ -95,7 +95,7 @@ jobs: restore-keys: ${{ runner.os }}-maven- # Set up JDK 17 for SonarCloud. - name: Set up JDK 17 - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: java-version: 17 distribution: 'adopt' diff --git a/pom.xml b/pom.xml index 47b1fdef00..7f7bfdda76 100755 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,7 @@ <jacoco.skip>false</jacoco.skip> <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version> <exec-maven-plugin.version>3.0.0</exec-maven-plugin.version> - <owasp-dependency-check-maven.version>9.2.0</owasp-dependency-check-maven.version> + <owasp-dependency-check-maven.version>10.0.2</owasp-dependency-check-maven.version> <lombok.version>1.18.20</lombok.version> <awaitility.version>4.2.0</awaitility.version> <truth.version>1.4.2</truth.version> 
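Review bot: `NIST_NVD_API_KEY` is injected into the step that runs `./mvnw -B clean install verify dependency-check:check`, i.e. a full build whose behaviour is dictated by `pom.xml`, the Maven wrapper and every plugin they declare; with the `pull_request_target` trigger introduced earlier in this file, that step runs for fork PRs, and if the checkout before it (outside this hunk; its `ref:` is not shown) resolves to the PR head, the PR author can exfiltrate the key and the job's `GITHUB_TOKEN` from inside the build. Splitting the build from the scan does not help here, since the scanner plugin itself is resolved from the PR-controlled pom, so the fix has to be at the trigger: run this step under `pull_request` without secrets, or restrict the key to same-repository PRs, e.g. `NIST_NVD_API_KEY: ${{ github.event.pull_request.head.repo.full_name == github.repository && secrets.NIST_NVD_API_KEY || '' }}`. Either way, add a comment above the `env:` block stating that this secret must never reach a checkout of untrusted PR code, so the next edit to the trigger does not silently re-open this.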
@@ -545,6 +545,7 @@ <skipRuntimeScope>true</skipRuntimeScope> <skipSystemScope>true</skipSystemScope> <failBuildOnCVSS>7</failBuildOnCVSS> + <nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable> </configuration> <executions> <execution>