From 911300b5a3abba9c030adb6dab1ff4daf10ba12f Mon Sep 17 00:00:00 2001
From: dotasek
Date: Wed, 1 Oct 2025 10:04:16 -0400
Subject: [PATCH 1/3] Use key for owasp check
---
 .github/workflows/owasp.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index 1f66b2e..6df07f8 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -1,8 +1,6 @@
 on:
 push:
 branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
 workflow_dispatch:
@@ -29,8 +27,12 @@ jobs:
 - env:
 NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+ OSSINDEX_USERNAME:
+ ${{ secrets.OSSINDEX_USERNAME }}
+ OSSINDEX_PASSWORD:
+ ${{ secrets.OSSINDEX_PASSWORD }}
 run: |
- mvn -DskipTests install -P OWASP_CHECK
+ mvn -DskipTests install -P OWASP_CHECK -DossIndexUsername=${{ env.OSSINDEX_USERNAME }} -DossIndexPassword=${{ env.OSSINDEX_PASSWORD }}
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@a4e1a019f5e24960714ff6296aee04b736cbc3cf # v3.29.6
From 472e9ad161ed0fb512fe0a6ab6b044770c33fa4e Mon Sep 17 00:00:00 2001
From: dotasek
Date: Wed, 1 Oct 2025 10:04:30 -0400
Subject: [PATCH 2/3] Bump to owasp 12.1.6
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 315631d..3e3dfc7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,7 +91,7 @@
 org.owasp
 dependency-check-maven
- 12.1.3
+ 12.1.6
 NVD_API_KEY
From 6eb48beb829cf7a8cec8908acc63e5570780201b Mon Sep 17 00:00:00 2001
From: dotasek
Date: Wed, 1 Oct 2025 10:12:17 -0400
Subject: [PATCH 3/3] Add workflow name
---
 .github/workflows/owasp.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index 6df07f8..71665b0 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -1,3 +1,5 @@
+name: "OWASP Security Scans"
+
 on:
 push:
 branches: [ "master" ]
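Review bot: In the `run:` block of PATCH 1/3's second hunk (`@@ -29,8 +27,12 @@`), the two OSS Index credentials are spliced into the script text by `${{ env.… }}` before the shell starts, so a value containing spaces or shell metacharacters is parsed as shell syntax instead of being passed as data. The step already exports both values through `env:`, so the command can read them as quoted shell variables: `mvn -DskipTests install -P OWASP_CHECK -DossIndexUsername="$OSSINDEX_USERNAME" -DossIndexPassword="$OSSINDEX_PASSWORD"`. Either form still places the password on the Maven command line, where it is readable from the runner's process list for the duration of the build; if the plugin version in use can take these credentials from Maven settings or directly from the environment, that would keep them off argv. A short comment above the step noting that the `pull_request` trigger was dropped because the scan now needs repository secrets would also help the next maintainer.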