diff --git a/.github/workflows/compound-java-scan.properties.json b/.github/workflows/compound-java-scan.properties.json new file mode 100644 index 0000000..21739e0 --- /dev/null +++ b/.github/workflows/compound-java-scan.properties.json @@ -0,0 +1,5 @@ +{ + "name": "Compound Java Scan", + "description": "Scan licenses and vulnerabilities in java project", + "iconName": "example-icon" + } \ No newline at end of file diff --git a/.github/workflows/compound-java-scan.yml b/.github/workflows/compound-java-scan.yml new file mode 100644 index 0000000..a6c3c4f --- /dev/null +++ b/.github/workflows/compound-java-scan.yml @@ -0,0 +1,56 @@ +name: Scan licenses and vulnerabilities in java project + +on: + workflow_call: + inputs: + runsOn: + required: false + type: string + default: 'ubuntu-latest' + javaVersion: + required: false + type: string + default: '11' + javaVendor: + required: false + type: string + default: 'zulu' + # Vulnerability scanning + scanner-enabled: + required: false + type: boolean + default: true + description: 'Whether vulnerabilities and license scanning are enabled' + multiproject: + required: false + type: boolean + default: false + description: 'false for dependencyCheckAnalyze, true for dependencyCheckAggregate' + secrets: + nvd-api-key: + required: false + description: 'API key to access NVD database' + +jobs: + prebuild-job: + name: Prebuild Job + uses: th2-net/.github/.github/workflows/compound-prebuild-java-dev-workflow.yml@main + with: + runsOn: ${{ inputs.runsOn }} + + owasp-scan: + if: inputs.scanner-enabled + uses: th2-net/.github/.github/workflows/owasp-gradle-scan.yml@main + with: + multiproject: ${{ inputs.multiproject }} + javaVersion: ${{ inputs.javaVersion }} + javaVendor: ${{ inputs.javaVendor }} + secrets: + nvd-api-key: ${{ secrets.nvd-api-key }} + + license-check: + if: inputs.scanner-enabled + uses: th2-net/.github/.github/workflows/license_check.yml@main + needs: [prebuild-job] + with: + version: ${{ needs.prebuild-job.outputs.version }} \ No newline at end of file