Skip to content

Bump org.springframework.security:spring-security-web from 6.3.4 to 6.4.2 #199

Bump org.springframework.security:spring-security-web from 6.3.4 to 6.4.2

Bump org.springframework.security:spring-security-web from 6.3.4 to 6.4.2 #199

# This workflow is used to build & scan image using trivy vulnerability scanner and upload the results to github security tab
name: Build & Vulnerability Scan using Trivy Scanner
on:
push:
branches: [ main, release/*]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main, release/*]
workflow_dispatch:
branches: [ main, release/*]
jobs:
build-scan-image:
name: Build & Scan Image
runs-on: ubuntu-20.04
env:
BASIC_AUTH_USER: ${{ secrets.BASIC_AUTH_USER }}
BASIC_AUTH_PASS: ${{ secrets.BASIC_AUTH_PASS }}
steps:
- name: Checkout code
uses: actions/checkout@v4
# Set up JDK build environment
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
# Runs build steps
- name: Maven Package
run: mvn -ntp clean package
- name: Maven Verify
run: mvn -ntp clean verify
- name: Build an image from Dockerfile
env:
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_BUILDKIT: 1
run: |
docker build -t docker.io/cdds/jag-cdds:${{ github.sha }} .
#Run Vulnerability Scan usinig Trivy scanner
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: 'image'
image-ref: 'docker.io/cdds/jag-cdds:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: '1'
ignore-unfixed: true
limit-severities-for-sarif: true
severity: 'HIGH,CRITICAL'
#Upload results to the Github security tab.
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif