fabric-chaincode-java/.github/workflows/scan.yml at 41f7deaba98f930a5ac3446854f526bca96e360c · hyperledger/fabric-chaincode-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: "Scheduled vulnerability scan"

on:
  workflow_call:
    inputs:
      ref:
        description: Branch, tag or SHA to scan.
        type: string
        required: false
        default: ""

permissions:
  contents: read

jobs:
  osv-scanner:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.ref }}
      # Go needed for scanning of v2.5.5 and earlier
      - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: stable
          cache: false
      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
        with:
          distribution: temurin
          # Releases v2.5.7 and earlier do not support Java 25
          java-version: 21
      - uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
      - name: Scan
        run: make scan