Skip to content

Add scheduled org.owasp:dependency-check workflow#1284

Closed
taoliult wants to merge 1 commit intoIBM:mainfrom
taoliult:main
Closed

Add scheduled org.owasp:dependency-check workflow#1284
taoliult wants to merge 1 commit intoIBM:mainfrom
taoliult:main

Conversation

@taoliult
Copy link
Copy Markdown
Collaborator

@taoliult taoliult commented Mar 19, 2026
edited
Loading

Add a GitHub Actions workflow to run the org.owasp dependency-check on a schedule.

Use GitHub Actions cache to store the vulnerability database between runs to reduce download time and improve workflow reliability.

Upload the generated dependency-check report as anartifact.

@taoliult taoliult marked this pull request as draft March 20, 2026 18:23
@taoliult taoliult force-pushed the main branch 3 times, most recently from 0bcfb05 to 5bbd8f8 Compare March 24, 2026 16:53
@taoliult taoliult marked this pull request as ready for review March 24, 2026 19:30
jasonkatonica
jasonkatonica requested changes Mar 25, 2026
View reviewed changes
@johnpeck-us-ibm
Copy link
Copy Markdown
Member

johnpeck-us-ibm commented Mar 25, 2026

So this being done instead of sonarqube?

@taoliult taoliult force-pushed the main branch 2 times, most recently from 5626c42 to 9a928ff Compare March 26, 2026 15:16
JinhangZhang
JinhangZhang approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@JinhangZhang JinhangZhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jasonkatonica
jasonkatonica approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jasonkatonica jasonkatonica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

KostasTsiounis
KostasTsiounis approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@KostasTsiounis KostasTsiounis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@taoliult
Add scheduled org.owasp:dependency-check workflow
3da3587 
Add a GitHub Actions workflow to run the org.owasp
dependency-check on a schedule.

Use GitHub Actions cache to store the vulnerability
database between runs to reduce download time and
improve workflow reliability.

Upload the generated dependency-check report as an
artifact.

Signed-off-by: Tao Liu <tao.liu@ibm.com>
@taoliult
Copy link
Copy Markdown
Collaborator Author

taoliult commented Apr 8, 2026

Close this PR since all approved.

@jasonkatonica I created the PRs in the open repo to add the OWASP Maven plugin. Could you please create the PR in the GHE repo for the workflow change on the main branch only? Thanks.

@taoliult taoliult closed this Apr 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KostasTsiounis KostasTsiounis KostasTsiounis approved these changes

@jasonkatonica jasonkatonica jasonkatonica approved these changes

@johnpeck-us-ibm johnpeck-us-ibm johnpeck-us-ibm approved these changes

@JinhangZhang JinhangZhang JinhangZhang approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@taoliult @johnpeck-us-ibm @KostasTsiounis @jasonkatonica @JinhangZhang