Skip to content

chore(deps): Bump org.sonarqube from 4.4.1.3373 to 5.0.0.4638 (#1119) #507

chore(deps): Bump org.sonarqube from 4.4.1.3373 to 5.0.0.4638 (#1119)

chore(deps): Bump org.sonarqube from 4.4.1.3373 to 5.0.0.4638 (#1119) #507

Workflow file for this run

name: Anchore security scan
on:
push:
branches:
- develop
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Assemble project
run: ./gradlew assemble
- name: Upload jars artifacts
uses: actions/upload-artifact@v4
with:
name: jars
path: |
api-gateway/build/libs
search-service/build/libs
subscription-service/build/libs
anchore:
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout project
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download jars artifacts
uses: actions/download-artifact@v4
with:
name: jars
path: build
- name: Build API Gateway local container
uses: docker/build-push-action@v5
with:
context: .
file: ./api-gateway/Dockerfile
tags: localbuild/api-gateway:latest-scan
push: false
load: true
build-args: |
JAR_FILE=./build/api-gateway/build/libs/api-gateway-latest-dev.jar
- name: Build Search Service local container
uses: docker/build-push-action@v5
with:
context: .
file: ./search-service/Dockerfile
tags: localbuild/search-service:latest-scan
push: false
load: true
build-args: |
JAR_FILE=./build/search-service/build/libs/search-service-latest-dev.jar
- name: Build Subscription Service local container
uses: docker/build-push-action@v5
with:
context: .
file: ./subscription-service/Dockerfile
tags: localbuild/subscription-service:latest-scan
push: false
load: true
build-args: |
JAR_FILE=./build/subscription-service/build/libs/subscription-service-latest-dev.jar
- name: Security Scan for API Gateway image
id: scan-api-gateway
uses: anchore/scan-action@v3
with:
image: "localbuild/api-gateway:latest-scan"
severity-cutoff: critical
- name: Security Scan for Search Service image
id: scan-search-service
uses: anchore/scan-action@v3
with:
image: "localbuild/search-service:latest-scan"
severity-cutoff: critical
- name: Security Scan for Subscription Service image
id: scan-subscription-service
uses: anchore/scan-action@v3
with:
image: "localbuild/subscription-service:latest-scan"
severity-cutoff: critical
- name: Upload Anchore scan SARIF report for API Gateway
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.scan-api-gateway.outputs.sarif }}
category: anchore-api-gateway
- name: Upload Anchore scan SARIF report for Search Service
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.scan-search-service.outputs.sarif }}
category: anchore-search-service
- name: Upload Anchore scan SARIF report for Subscription Service
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.scan-subscription-service.outputs.sarif }}
category: anchore-subscription-service