Fosstars (Security) #511
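name: 'Fosstars (Security)'

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'

jobs:
  security-checks:
    runs-on: ubuntu-latest
    name: 'Security rating'
    # Least privilege: keep this block minimal. `contents: write` and `checks: write`
    # are presumably what the Fosstars action needs to publish its report/check run
    # (confirm against the action's docs); nothing else in this job needs write scopes.
    permissions:
      checks: write
      contents: write
    steps:
      # Supply-chain caveat: both `@main` references in this job are mutable tags.
      # A compromised upstream commit would run with this job's secrets
      # (NVD_API_KEY, OSS_INDEX_PASSWORD, SLACK_WEBHOOK) and its write token.
      # Pin to a full commit SHA (`uses: owner/repo@<sha> # vX.Y.Z`) and let
      # Dependabot/Renovate bump the pin.
      - uses: sap/ai-sdk-js/.github/actions/setup@main
        with:
          node-version: ${{ vars.DEFAULT_NODE_VERSION }}
      - name: 'Run OWASP Dependency Check'
        uses: dependency-check/Dependency-Check_Action@main
        id: depcheck
        with:
          project: ${{ github.repository }}
          path: '.'
          format: 'HTML'
          out: 'reports'
          # OWASP Dependency-Check configuration:
          # - --failOnCVSS 7: fail the step if any dependency has CVSS >= 7 (High/Critical).
          # - --nvdApiKey: use a National Vulnerability Database (NVD) API key to raise the
          #   rate limit for the NVD data sync and make it more reliable.
          #   Request a key at: https://nvd.nist.gov/developers/request-an-api-key
          # - --ossIndexUsername / --ossIndexPassword: Sonatype OSS Index analyzer credentials.
          # Caveat: these credentials travel as CLI arguments. GitHub masks secret values
          # in the job log, but they are still visible to anything that can read the
          # process list inside the action's container, so keep them scoped to this
          # workflow and rotate them if the action reference is ever changed.
          args: >
            --failOnCVSS 7
            --nvdApiKey ${{ secrets.NVD_API_KEY }}
            --ossIndexUsername ${{ vars.OSS_INDEX_USERNAME }}
            --ossIndexPassword ${{ secrets.OSS_INDEX_PASSWORD }}
      - name: 'Upload OWASP Dependency Check Report'
        # Upload even when the scan fails (that is when the report matters most),
        # but not when the scan step never ran.
        if: always() && steps.depcheck.conclusion != 'skipped'
        uses: actions/upload-artifact@v5
        with:
          name: owasp-dependency-check-report
          path: reports/
          retention-days: 7
      - name: 'Run Fosstars Rating'
        uses: SAP/[email protected]
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Slack Notification'
        if: failure()
        uses: slackapi/[email protected]
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK }}
          webhook-type: incoming-webhook
          # The run link is built from the workflow context rather than a hard-coded
          # repository so it stays correct in forks/mirrors. The payload must remain
          # valid JSON (no trailing comma after the last member).
          payload: |
            {
              "username": "Security Checks",
              "text": "Security checks (Fosstars rating and OWASP dependency check) <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|failed>."
            }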