OWASP dependency check #2376

	name: 'OWASP dependency check'

	on:
	pull_request:
	workflow_dispatch:
	schedule:
	- cron: "17 2 * * 1"

	jobs:
	build:
	name: 'OWASP dependency check'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: 'Set up JDK'
	uses: actions/setup-java@v4
	with:
	distribution: temurin
	java-version: 17
	cache: 'maven'

	- name: 'Set up Maven'
	uses: stCarolas/setup-maven@v5
	with:
	maven-version: '3.9.7'

	- name: 'Run Check'
	continue-on-error: true
	run: mvn -U package -DnvdApiKey=${{ secrets.NVD_API_KEY }} -Dmaven.test.skip=true -Ddocker.skip=true -Dtest.onlyITs= -DskipQA=true org.owasp:dependency-check-maven:aggregate -fae -B -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN -DfailBuildOnCVSS=5

	- name: 'Upload result to GitHub Code Scanning'
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: target/dependency-check-report.sarif

Provide feedback