Expand file tree Collapse file tree 1 file changed +45
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow builds a Java project with Maven and runs Semgrep for security analysis.
2+
3+ name : Java CI with Maven
4+
5+ on :
6+ push :
7+ branches : [ "master" ]
8+ pull_request :
9+ branches : [ "master" ]
10+
11+ jobs :
12+ build :
13+ runs-on : ubuntu-latest
14+
15+ steps :
16+ - name : Checkout repository
17+ uses : actions/checkout@v4
18+
19+ - name : Set up JDK 17
20+ uses : actions/setup-java@v4
21+ with :
22+ java-version : ' 17'
23+ distribution : ' temurin'
24+ cache : maven
25+
26+ - name : Build with Maven
27+ run : mvn -B package --file pom.xml
28+
29+ semgrep :
30+ name : Semgrep Security Scan
31+ runs-on : ubuntu-latest
32+ container :
33+ image : semgrep/semgrep # A Docker image with Semgrep installed
34+
35+ steps :
36+ - name : Checkout repository
37+ uses : actions/checkout@v4
38+
39+ - name : Run Semgrep Security Scan
40+ run : semgrep ci --sarif > semgrep.sarif
41+ env :
42+ SEMGREP_APP_TOKEN : " 19d358dbf82a2eada869bdf122783707890b6c26db7f386908691c8e3e27465f" # Use a GitHub Secret instead of a hardcoded token
43+
44+
45+
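Review bot: The `SEMGREP_APP_TOKEN` value on new line 42 is a literal credential committed in the workflow file, which the trailing comment on that same line already says should be a GitHub Secret. Since the value is now in the repository history, deleting it in a follow-up commit does not undo the exposure; the token should be revoked and reissued in Semgrep, stored as a repository secret, and the line changed to `SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}`. Two smaller points in the same `semgrep` job: `semgrep ci --sarif > semgrep.sarif` writes a report that no later step uploads or archives, so the findings are lost when the job ends, and `image: semgrep/semgrep` carries no tag or digest, so the scanner version can change between runs. Neither job declares a `permissions:` block, so both run with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions: contents: read` would make the intent explicit.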
0 commit comments