service-vulnerability-scanner.yaml
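# Reusable workflow: builds the Gradle project under `inputs.path`, runs
# OWASP Dependency-Check against it and uploads the HTML report as an artifact.
name: Service Vulnerability Scanner

on:
  workflow_call:
    inputs:
      path:
        description: 'Path to the project directory'
        required: true
        type: string

jobs:
  vulnerability-scanner:
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the repository. Without an
    # explicit block the token inherits whatever the caller/repo default grants.
    permissions:
      contents: read
    steps:
      - name: Checkout to repo
        uses: actions/checkout@v4
        with:
          # Later steps execute project build code and a third-party action;
          # do not leave the job token stored in the checked-out git config.
          persist-credentials: false

      - name: Setup Java JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: '17'
          cache: 'gradle'

      - name: Build the application
        # The caller-supplied path is passed as working-directory rather than
        # expanded into the script text, so it is never parsed by the shell.
        working-directory: ${{ inputs.path }}
        run: ./gradlew clean build

      - name: Vulnerability Scanner
        # NOTE(review): `@main` is a mutable branch ref, so any push upstream
        # changes the code that runs here. Pin to a reviewed full-length commit
        # SHA (e.g. `@<full-commit-sha>`) and update it deliberately.
        uses: dependency-check/Dependency-Check_Action@main
        env:
          # setup-java changes JAVA_HOME; reset it to the JDK location inside
          # the Dependency-Check container image.
          JAVA_HOME: /opt/jdk
        id: dependency-checker
        with:
          project: 'kotlin-ecommerce-microservices'
          path: ${{ inputs.path }}
          format: 'HTML'
          out: '${{ inputs.path }}/reports'
          # --failOnCVSS 9.5: the step fails only for findings scored 9.5 or
          #   higher; anything lower is reported but does not fail the job.
          #   NOTE(review): confirm this threshold matches the project's policy.
          # --suppression: every entry in suppression-file.xml hides a finding;
          #   changes to that file deserve the same review as code.
          # --disableCentral: turns off the Maven Central analyzer.
          #   NOTE(review): confirm this is intentional, as it can reduce how
          #   well JAR dependencies are identified.
          args: >
            --failOnCVSS 9.5
            --enableRetired
            --suppression ${{ inputs.path }}/suppression-file.xml
            --disableCentral

      - name: Publish Vulnerability Scanner results
        uses: actions/upload-artifact@v4
        # Upload the report even when the scan step failed the job, since that
        # is exactly when the report is needed.
        if: always()
        with:
          name: Vulnerability Scanner report
          path: ${{ inputs.path }}/reports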