Add dependency check github workflow configuration #2659

Merged
merged 11 commits into from
Aug 10, 2023
74 changes: 74 additions & 0 deletions .github/workflows/dependency-check.yml
@@ -0,0 +1,74 @@
name: Dependency Check Scan

on:
push:
branches:
# - main
- security-automation-additions-latest-main
pull_request:
types: [opened, synchronize, reopened]
branches:
# - main
- security-automation-additions-latest-main
workflow_dispatch:
# inputs:
env:
FHIR_BASE_URL: ${{secrets.FHIR_BASE_URL}}
OAUTH_BASE_URL: ${{secrets.OAUTH_BASE_URL}}
OAUTH_CIENT_ID: ${{secrets.OAUTH_CLIENT_ID}}
OAUTH_CLIENT_SECRET: ${{secrets.OAUTH_CLIENT_SECRET}}
OAUTH_SCOPE: ${{secrets.OAUTH_SCOPE}}
MAPBOX_SDK_TOKEN: ${{secrets.MAPBOX_SDK_TOKEN}}

jobs:
dependency-check:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: 11
distribution: temurin

- name: Grant execute permission for gradlew
run: chmod +x gradlew
working-directory: android

- name: Run Dependency Check
run: |
cd android
./gradlew dependencyCheckAggregate

- name: Upload Dependency Check report in XML format
uses: actions/upload-artifact@v2
with:
name: dependency-check-report
path: android/build/reports/dependency-check-report.xml

# - name: import dependency check report into defectdojo
# run: |
# curl -X POST -H "Content-Type: application/json" \
# -H "Authorization: Token ${DEFECTDOJO_API_KEY}" \
# -d @android/build/reports/dependency-check-report.xml \
# "${DEFECTDOJO_API_URL}/api/v2/engagements/45/tests/247/import-scan/"
# env:
# DEFECTDOJO_API_URL: ${{ secrets.DEFECTDOJO_API_URL }}
# DEFECTDOJO_API_KEY: ${{ secrets.DEFECTDOJO_API_KEY }}



# - name: Run Dependency Check
# uses: dependency-check/Dependency-Check_Action@main
# env:
# JAVA_HOME: /opt/jdk
# with:
# project: "fhircore"
# path: "."
# format: 'XML'
# out: 'reports'
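Review bot: the workflow-level `env:` block maps `FHIR_BASE_URL`, the `OAUTH_*` values and `MAPBOX_SDK_TOKEN` from secrets into every step of this job, yet nothing in the job consumes them: `./gradlew dependencyCheckAggregate` resolves and scans dependencies, and the remaining steps are third-party actions (`actions/checkout`, `actions/setup-java`, `actions/upload-artifact`) that now also see those values. Remove the `env:` block, or attach any variable the build genuinely needs to the single step that needs it. Note the misspelled key `OAUTH_CIENT_ID: ${{secrets.OAUTH_CLIENT_ID}}`, which leaves `OAUTH_CLIENT_ID` unset wherever it is expected. Smaller points: add a top-level `permissions: contents: read` so the job token is not granted the repository's default scopes; `actions/checkout@v2` and `actions/upload-artifact@v2` are older majors than the `setup-java@v3` used beside them, and pinning all three to a commit SHA rather than a floating tag is the usual supply-chain hardening; with `main` commented out, the `push` and `pull_request` filters only match `security-automation-additions-latest-main`, so the scan stops running once this branch merges; and the upload step wants `if: always()` so the report is still kept when the scan step fails. In the commented-out DefectDojo step, the engagement and test ids are hardcoded in the URL (`/engagements/45/tests/247/`) and the XML file is sent with `Content-Type: application/json`, which a JSON endpoint will reject; if that step is revived, take the ids from inputs or secrets and match the body to the declared content type.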
10 changes: 9 additions & 1 deletion android/build.gradle.kts
@@ -20,10 +20,14 @@ buildscript {
classpath("de.mannodermaus.gradle.plugins:android-junit5:1.8.2.1")
classpath("com.android.tools.build:gradle:7.1.3")
classpath("org.jetbrains.dokka:dokka-base:1.8.20")
classpath("org.owasp:dependency-check-gradle:8.2.1")
}
}

plugins { id("org.jetbrains.dokka") version "1.8.20" }
plugins {
id("org.jetbrains.dokka") version "1.8.20"
id("org.owasp.dependencycheck") version "8.2.1"
}

tasks.dokkaHtmlMultiModule {
moduleName.set("OpenSRP")
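Review bot: the plugin is declared twice in this hunk, once as `classpath("org.owasp:dependency-check-gradle:8.2.1")` in `buildscript` and again as `id("org.owasp.dependencycheck") version "8.2.1"` in the `plugins` block, and the next hunk applies it a third time with `apply(plugin = "org.owasp.dependencycheck")` inside `allprojects`. Keep only the `plugins` block entry: the buildscript classpath line is redundant once the plugin comes through the plugins DSL, and two copies of the version string will drift apart on the next upgrade.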
@@ -41,6 +45,10 @@ allprojects {
mavenCentral()
maven(url = "https://oss.sonatype.org/content/repositories/snapshots")
maven(url = "https://jcenter.bintray.com/")
apply(plugin = "org.owasp.dependencycheck")
tasks.dependencyCheckAggregate{
dependencyCheck.formats.add("XML")
}
}
}

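Review bot: the added `apply(plugin = "org.owasp.dependencycheck")` and `tasks.dependencyCheckAggregate{ ... }` lines follow the `maven(url = ...)` repository entries directly and precede two closing braces, so from the diff they appear to sit inside the `repositories { }` block rather than at the `allprojects` level; move them out of the repository list so the structure is unambiguous. Setting `dependencyCheck.formats.add("XML")` inside the aggregate task's configuration block changes the project-wide extension as a side effect of configuring one task; configure the extension once instead (`dependencyCheck { formats = listOf("XML") }` or equivalent), and only on the root project, since `dependencyCheckAggregate` is the root-level task the workflow invokes. The configuration also sets no `failBuildOnCVSS` threshold and no suppression file, so the scan is report-only: a new critical finding in a dependency will never fail the Gradle build or the workflow, which should be a deliberate choice rather than a default. Style: `tasks.dependencyCheckAggregate{` is missing the space before the brace used elsewhere in the file.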