diff --git a/.github/workflows/test-gha.yaml b/.github/workflows/test-gha.yaml new file mode 100644 index 0000000..c666e86 --- /dev/null +++ b/.github/workflows/test-gha.yaml @@ -0,0 +1,19 @@ +name: test sca scan gha + +on: + pull_request: + +jobs: + test-scan: + runs-on: ubuntu-latest + + steps: + - name: Checkout app code + uses: actions/checkout@v4 + + - name: SCA + uses: auth0/devsecops-tooling/.github/actions/sca-scan@main + with: + SIGNAL_HANDLER_DOMAIN: ${{ secrets.SIGNAL_HANDLER_DOMAIN }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/test-workflow.yml b/.github/workflows/test-workflow.yml new file mode 100644 index 0000000..4cc93d5 --- /dev/null +++ b/.github/workflows/test-workflow.yml @@ -0,0 +1,9 @@ +name: test + +on: + pull_request: + +jobs: + snyk-cli: + uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main + secrets: inherit diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..1584f85 --- /dev/null +++ b/pom.xml @@ -0,0 +1,51 @@ + + 4.0.0 + dependency-validation + scan-target + 0.0.1-SNAPSHOT + + + org.apache.httpcomponents + httpclient + 4.3.2 + jar + compile + + + org.apache.httpcomponents + httpclient-cache + 4.3.2 + jar + compile + + + org.apache.httpcomponents + httpmime + 4.3.2 + jar + compile + + + com.fasterxml.jackson.core + jackson-core + 2.4.0 + + + com.fasterxml.jackson.core + jackson-databind + 2.4.0 + + + + + + maven-compiler-plugin + 3.5.1 + + 1.7 + 1.7 + + + + +