docs: add Sonar Cloud status badges (#27) #107
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name of the GitHub Actions workflow | |
| name: Scan with OWASP Dependency Check | |
| # Define environment variables | |
| env: | |
| PROJECT_NAME: Mutillidae | |
| OUTPUT_DIR: . | |
| # Define when the workflow should be triggered | |
| on: | |
| push: | |
| branches: | |
| - development | |
| - main | |
| # Define the job(s) to be executed within the workflow | |
| jobs: | |
| depchecktest: | |
| name: Scan with OWASP Dependency Check | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| # Define permissions for specific actions | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Scan with OWASP Dependency Check | |
| id: owasp-dependency-check | |
| uses: dependency-check/Dependency-Check_Action@main | |
| with: | |
| project: $PROJECT_NAME | |
| path: ${{ env.OUTPUT_DIR }} | |
| format: SARIF | |
| out: ${{ env.OUTPUT_DIR }} | |
| args: > | |
| --enableRetired | |
| continue-on-error: true | |
| - name: Upload results from OWASP Dependency Check to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@main | |
| with: | |
| sarif_file: ${{ env.OUTPUT_DIR }}/dependency-check-report.sarif | |
| category: "Scan-dependencies-code-with-OWASP-Dependency-Check" |