GH-549 Test

the-qa-company · Dec 16, 2024 · 558cc8e · 558cc8e
1 parent b9c4d91
commit 558cc8e
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 1 deletion.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,51 @@
+name: Scan
+
+on: [workflow_dispatch]
+
+concurrency:
+  group: ${{ github.ref }}-push
+  cancel-in-progress: true
+
+jobs:
+  publish:
+    name: Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'microsoft'
+          java-version: 17
+      - name: Use Node.js 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache-dependency-path: qendpoint-frontend/package-lock.json
+      - name: Install frontend dependencies
+        run: npm ci --legacy-peer-deps
+        working-directory: qendpoint-frontend
+      - name: Compiling frontend
+        run: npm run build --if-present
+        working-directory: qendpoint-frontend
+      - name: Put frontend in backend
+        run: |
+          mkdir -p qendpoint-backend/src/main/resources/static/
+          cp -r qendpoint-frontend/build/* qendpoint-backend/src/main/resources/static/
+      - name: Compile qendpoint
+        run: mvn install -DskipTests
+      - name: move endpoint
+        run: mv qendpoint-backend/target/qendpoint-*-exec.jar qendpoint.jar
+      - name: Build an image from Dockerfile
+        run: 'docker build -t docker.io/the-qa-company/qendpoint:${{ github.sha }} -f .\scripts\Dockerfile .'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          image-ref: 'docker.io/the-qa-company/qendpoint:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
diff --git a/qendpoint-core/pom.xml b/qendpoint-core/pom.xml
@@ -47,6 +47,7 @@
         <spring.version>2.7.5</spring.version>
         <logback.version>1.5.6</logback.version>
         <roaringbitmap.version>0.9.44</roaringbitmap.version>
+        <commons-compress.version>1.26.0</commons-compress.version>
 
         <jena.version>4.3.2</jena.version>
         <slf4j.version>1.7.30</slf4j.version>
@@ -75,7 +76,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.21</version>
+            <version>${commons-compress.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.jena</groupId>
@@ -91,6 +92,12 @@
             <groupId>org.apache.jena</groupId>
             <artifactId>jena-arq</artifactId>
             <version>${jena.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.protobuf</groupId>
+                    <artifactId>protobuf-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>pl.pragmatists</groupId>