From c6526643b88c1f55f732de1fa60b8b5e6395cf70 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 23 Jun 2026 16:03:11 +0200 Subject: [PATCH 1/2] Added maven dependency check CI workflow. --- .github/workflows/CI.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index e7e4818..8d4c4a8 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -27,6 +27,26 @@ jobs: cache: maven - name: Build with Maven run: mvn -B clean install + dependency-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up JDK 17 + uses: actions/setup-java@v5 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + - name: OWASP Dependency Check + continue-on-error: true + run: mvn -B verify -Powasp -DskipTests -DnvdApiKey=${{ secrets.NVD_API_KEY }} + - name: Upload report + if: always() + uses: actions/upload-artifact@v4 + with: + name: dependency-check-report + path: target/dependency-check-report.html + ## Only on push event, publish on geosolutions maven repo publish: runs-on: ubuntu-latest From 146353a6e7d34309882d08f7fcb147df9bc5863a Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 23 Jun 2026 16:14:38 +0200 Subject: [PATCH 2/2] Added maven dependency check CI workflow. --- .github/workflows/CI.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 8d4c4a8..415a020 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -39,7 +39,7 @@ jobs: cache: maven - name: OWASP Dependency Check continue-on-error: true - run: mvn -B verify -Powasp -DskipTests -DnvdApiKey=${{ secrets.NVD_API_KEY }} + run: mvn -B verify -Powasp -DskipTests -DnvdApiKey=${{ secrets.NVD_API_KEY }} -DconnectionTimeout=6000 -DreadTimeout=6000 - name: Upload report if: always() uses: actions/upload-artifact@v4