diff --git a/.github/workflows/test-gha.yml b/.github/workflows/test-gha.yml
new file mode 100644
index 0000000..3bf3618
--- /dev/null
+++ b/.github/workflows/test-gha.yml
@@ -0,0 +1,21 @@
+name: test sca scan gha
+
+on:
+ pull_request_target:
+ branches:
+ - main
+
+jobs:
+ test-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout app code
+ uses: actions/checkout@v4
+
+ - name: SCA
+ uses: auth0/devsecops-tooling/.github/actions/sca-scan@main
+ with:
+ SIGNAL_HANDLER_DOMAIN: ${{ secrets.SIGNAL_HANDLER_DOMAIN }}
+ SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..c511d99
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,12 @@
+name: test
+
+on:
+ pull_request_target:
+ branches:
+ - main
+jobs:
+ snyk-cli:
+ uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main
+ with:
+ runner: ubuntu-latest
+ secrets: inherit
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..1584f85
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,51 @@
+
+ 4.0.0
+ dependency-validation
+ scan-target
+ 0.0.1-SNAPSHOT
+
+
+ org.apache.httpcomponents
+ httpclient
+ 4.3.2
+ jar
+ compile
+
+
+ org.apache.httpcomponents
+ httpclient-cache
+ 4.3.2
+ jar
+ compile
+
+
+ org.apache.httpcomponents
+ httpmime
+ 4.3.2
+ jar
+ compile
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+ 2.4.0
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ 2.4.0
+
+
+
+
+
+ maven-compiler-plugin
+ 3.5.1
+
+ 1.7
+ 1.7
+
+
+
+
+
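Review bot: The `on: pull_request_target` trigger runs this job in the base repository's context, with repository secrets available even for pull requests from forks, and the workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets the repository default scope. Add a top-level `permissions:` with `contents: read`, and set `persist-credentials: false` on the checkout step. The SCA step receives three secrets but is referenced by the mutable ref `@main`; pinning it to a reviewed commit, `uses: auth0/devsecops-tooling/.github/actions/sca-scan@<full-commit-sha>`, keeps a later push to that branch from changing what runs with those tokens. `actions/checkout@v4` without `ref:` checks out the base branch under this trigger, so the scan does not see the pull request's changes; if that is not intended, switching to `pull_request` is safer than checking out the PR head here. The same trigger and `@main` ref appear in `.github/workflows/test.yml`.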
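Review bot: `secrets: inherit` on the `snyk-cli` job hands every secret this repository can read to the called workflow, which is resolved from the mutable ref `@main`. Because the job runs on `pull_request_target`, it does so on pull requests from forks as well. Replace it with an explicit `secrets:` mapping that names only what the scan needs; presumably `SNYK_TOKEN`, `SIGNAL_HANDLER_DOMAIN` and `SIGNAL_HANDLER_TOKEN`, to be confirmed against the reusable workflow's `workflow_call` declaration. Also pin the reference to a reviewed commit, `uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@<full-commit-sha>`.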
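Review bot: Nothing in this file says that the old dependency versions pinned here are deliberate (httpclient, httpclient-cache and httpmime 4.3.2, jackson-core and jackson-databind 2.4.0). The coordinates `dependency-validation` / `scan-target` suggest they are input for the SCA scan rather than code meant to ship. A header comment would keep an automated update or a contributor from "fixing" the fixture, and keep anyone from building on it: `<!-- Intentional SCA scan fixture: dependency versions are deliberately outdated. Do not build, publish or depend on this module. -->`. The XML markup of this hunk is not visible on the page, so the intended placement is directly above the root `project` element.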