dependency-check.yml
## NOTE(review): every line of this workflow is commented out, so as shown it
## runs no dependency scan. Points to settle before re-enabling it:
##  - `Dependency-Check_Action@main` and `upload-artifact@master` follow mutable
##    branches, and `checkout@v2` / `upload-sarif@v1` are movable tags on old
##    major versions. Pin each `uses:` to the full commit SHA of a release that
##    is still supported, so a change upstream cannot silently alter what runs.
##  - No `permissions:` block is declared. The SARIF upload step needs
##    `security-events: write`; grant that explicitly and keep the rest of the
##    token read-only rather than relying on the repository default.
##  - The trigger includes `pull_request`. For pull requests from forks the
##    token is normally read-only, so the SARIF upload would be expected to
##    fail there - confirm and guard the step if that matters.
##  - `--enableExperimental` turns on Dependency-Check's experimental
##    analyzers (presumably needed for the Podfile.lock scan - confirm);
##    treat their findings as needing manual triage.
#name: Dependency Check
#
#on: [push,pull_request]
#
#jobs:
#  depchecktest:
#    runs-on: ubuntu-latest
#    name: depecheck_test
#    steps:
#      - name: Checkout
#        uses: actions/checkout@v2
#      - name: List files in the workspace
#        run: |
#          ls ${{ github.workspace }}
#      # First scanner run: SARIF output, consumed by the code-scanning upload below.
#      - name: Depcheck - SARIF
#        uses: dependency-check/Dependency-Check_Action@main
#        id: Depcheck
#        with:
#          project: 'test'
#          path: '.'
#          format: 'SARIF'
#          args: >
#            --enableExperimental
#            --scan Podfile.lock
#      # Second scanner run with the same arguments: HTML output for human review.
#      - name: Depcheck - HTML
#        uses: dependency-check/Dependency-Check_Action@main
#        id: Depcheck-HTML
#        with:
#          project: 'test'
#          path: '.'
#          format: 'HTML'
#          args: >
#            --enableExperimental
#            --scan Podfile.lock
#      # Publishes the whole reports directory as a build artifact.
#      - name: Upload Test results
#        uses: actions/upload-artifact@master
#        with:
#          name: Depcheck report
#          path: ${{github.workspace}}/reports
#      # Upload the SARIF file to GitHub, so the findings show up in "Security / Code Scanning alerts"
#      # `if: always()` keeps this step running even when an earlier step failed.
#      - name: Upload Dependency Check report to CodeQL
#        if: always()
#        uses: github/codeql-action/upload-sarif@v1
#        with:
#          sarif_file: ${{github.workspace}}/reports/dependency-check-report.sarif