OWASP #2286

	name: OWASP

	env:
	MAVEN_OPTS: -Djava.awt.headless=true

	concurrency:
	# More info: https://stackoverflow.com/a/68422069/253468
	group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/main' \|\| github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) \|\| format('ci-master-{0}', github.ref) }}
	cancel-in-progress: true

	on:
	pull_request:
	schedule:
	- cron: "17 23 * * 0"
	workflow_dispatch:

	jobs:
	build:
	name: Dependency Check
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17
	cache: 'maven'

	- name: 'Set up Maven'
	uses: stCarolas/setup-maven@v5
	with:
	maven-version: '3.9.6'

	- name: OWASP Dependency Check
	continue-on-error: true
	env:
	NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
	run: mvn -U package -DskipTests -DskipITs -Ddocker.skip=true org.owasp:dependency-check-maven:check -fae -B -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -DfailBuildOnCVSS=5

	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: target/dependency-check-report.sarif

	- name: Cleanup snapshots
	if: always()
	run: \|
	find ~/.m2/repository -name "SNAPSHOT" -type d \| xargs rm -rf {}

Provide feedback