diff --git a/.github/workflows/code-format.yml b/.github/workflows/code-format.yml index 120e275..cc70bfc 100644 --- a/.github/workflows/code-format.yml +++ b/.github/workflows/code-format.yml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index f266e66..489ef10 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -15,22 +15,22 @@ jobs: name: Run unit tests and Sonar analysis runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: 'temurin' - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} 
@@ -42,28 +42,26 @@ jobs: # note that we deliberately turn off the OWASP dependency checker here, it will run in a separate job, # such that its results can be viewed independently of what Sonar has to say run: | - mvn -B verify sonar:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true + mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true analyze_dependencies_owasp: name: Check dependencies with OWASP runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 11 distribution: 'temurin' - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - name: Analyze dependencies - env: - NVD_API_KEY: ${{ secrets.NVD_TOKEN }} # this will run the OWASP dependency checker only - run: mvn -B verify -DskipTests \ No newline at end of file + run: mvn -B verify -DskipTests -DnvdApiKey=${{ secrets.NVD_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/licence-compliance.yml b/.github/workflows/licence-compliance.yml index 14648f0..cc8ace7 100644 --- a/.github/workflows/licence-compliance.yml +++ b/.github/workflows/licence-compliance.yml @@ -9,9 +9,9 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' diff --git a/pom.xml b/pom.xml index 9b7428e..fe0a2b5 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,7 @@ org.owasp dependency-check-maven - 9.0.9 + 10.0.2 @@ -172,7 +172,7 @@ com.siemens.pki CmpRaComponent - 4.1.4 + 4.1.3 jakarta.xml.bind
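Review bot: In the `Analyze dependencies` step of `analyze_dependencies_owasp`, the NVD key is now expanded by the workflow template directly into the shell command (`-DnvdApiKey=${{ secrets.NVD_TOKEN }}`), so the secret becomes part of the script text and of the `mvn` process arguments, and an unset secret leaves a bare `-DnvdApiKey=`. Keeping the removed `env:` mapping and referencing it quoted avoids the template expansion: `env:` with `NVD_API_KEY: ${{ secrets.NVD_TOKEN }}`, then `run: mvn -B verify -DskipTests -DnvdApiKey="$NVD_API_KEY"`. If the dependency-check-maven version configured in pom.xml supports it, the plugin's `nvdApiKeyEnvironmentVariable` setting would keep the key off the command line altogether; that should be confirmed against the plugin documentation. Separately, the fully qualified `org.sonarsource.scanner.maven:sonar-maven-plugin:sonar` goal in the same hunk carries no version, so the job runs whichever plugin release resolves at build time; adding an explicit version coordinate would make the analysis reproducible.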
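Review bot: The last pom.xml hunk (`@@ -172,7 +172,7 @@`) moves `com.siemens.pki` `CmpRaComponent` backwards, from 4.1.4 to 4.1.3, while every other change in this commit is an upgrade, and nothing visible here explains why. A downgrade can drop whatever fixes 4.1.4 carried, so it is worth confirming that it is intentional and not a leftover from a merge or a local test. If it is deliberate, a comment next to the dependency would record the reason, for example `<!-- held at 4.1.3: <reason>; revisit when <condition> -->`. The dependency element starts and ends outside the hunk.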