Merge branch 'feature/add-auth-to-ws-20241111' into development #215
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Name of the GitHub Actions workflow | |
name: Scan with OWASP Dependency Check | |
on: | |
# Trigger the workflow on the following events: | |
# Scan changed files in Pull Requests (diff-aware scanning). | |
pull_request: {} | |
# Trigger the workflow on-demand through the GitHub Actions interface. | |
workflow_dispatch: {} | |
# Scan mainline branches (main and development) and report all findings. | |
push: | |
branches: ["development"] | |
# Define the job(s) to be executed within the workflow | |
jobs: | |
depchecktest: | |
name: Scan with OWASP Dependency Check | |
runs-on: [ 'ubuntu-latest' ] # Use the latest version of Ubuntu | |
# Define permissions for specific actions | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@main | |
# Step: Checkout code | |
# Action to check out the code from the repository | |
# This step fetches the codebase from the GitHub repository | |
- name: Scan with OWASP Dependency Check | |
uses: dependency-check/Dependency-Check_Action@main | |
id: Depcheck | |
with: | |
project: 'Mutillidae' # Project name for Dependency Check | |
path: '.' # Scan all files in the current directory | |
format: 'SARIF' # Output format for scan results | |
out: '.' # Output directory (default is the current directory) | |
args: > | |
--enableRetired # Additional scan arguments for Dependency Check | |
continue-on-error: true | |
# Step: Scan with OWASP Dependency Check | |
# Action to run OWASP Dependency Check to scan dependencies | |
# It identifies vulnerabilities in project dependencies | |
- name: Upload results from OWASP Dependency Check to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: dependency-check-report.sarif | |
# Step: Upload results to GitHub Code Scanning | |
# Action to upload the results of the OWASP Dependency Check scan in SARIF format | |
# This allows viewing and analyzing the scan results in the GitHub repository | |
category: "Scan-dependencies-code-with-OWASP-Dependency-Check" | |
# Specify a category to distinguish between multiple analyses | |
# for the same tool and ref. If you don't use `category` in your workflow, | |
# GitHub will generate a default category name for you |