
Introduced protections against system command injection #54


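# CI pipeline: build the Maven project, then run Contrast SCA (third-party
# dependencies) and Contrast Scan (application code), and publish the findings
# as SARIF to the repository's Security tab.
name: Maven Build + Contrast CodeSec

# yamllint disable-line rule:truthy  -- `on` is a GitHub Actions keyword
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Least-privilege GITHUB_TOKEN for every job in this workflow: nothing here
# pushes to the repo, so only read access plus the scope upload-sarif needs.
permissions:
  contents: read
  security-events: write  # required by github/codeql-action/upload-sarif
  actions: read           # only needed by upload-sarif on private repositories

jobs:
  build_and_test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag; pinning each to a full commit SHA (with the tag as a trailing
      # comment) would protect the pipeline from a retargeted tag.
      - uses: actions/checkout@v2
        with:
          fetch-depth: '0'  # full clone rather than the default shallow one

      - uses: actions/setup-java@v2
        with:
          distribution: 'temurin'
          java-version: '8'
          cache: 'maven'

      - name: Build with Maven
        run: mvn -B package -DskipTests --file pom.xml

      # Run Contrast SCA to analyze the security of the open-source libraries
      # declared in pom.xml. `always()` runs it even when the build step failed.
      - name: Contrast SCA Action
        if: always()
        uses: Contrast-Security-OSS/contrast-sca-action@v1
        with:
          apiKey: ${{ secrets.CONTRAST_API_KEY }}
          orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
          authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
          filePath: pom.xml
          severity: medium
          fail: true  # fail the job on findings at or above `severity`

      # Run Contrast Scan to analyze the security of the project code.
      # `${{ github.workspace }}` resolves to /home/runner/work/<repo>/<repo>
      # on hosted runners, so the path no longer hard-codes the repository name.
      # TODO(review): the jar name still embeds the pom version (1.5.1) and must
      # be kept in sync with pom.xml, or derived from the build output.
      - name: Contrast Scan Action
        if: always()
        uses: Contrast-Security-OSS/[email protected]
        with:
          artifact: ${{ github.workspace }}/target/spring-petclinic-1.5.1.jar
          apiKey: ${{ secrets.CONTRAST_API_KEY }}
          orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
          authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
          severity: medium
          fail: true

      # Upload vulnerabilities into the GitHub Security tab of the repo.
      # NOTE(review): results.sarif is presumably written to the workspace by
      # the Contrast Scan step above -- confirm against that action's docs; the
      # upload fails if the file is absent (e.g. the scan step never ran).
      - name: Upload Contrast Security Results to GitHub Dashboard
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif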