.github/workflows/security-scan.yml - camel - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 name: Security Vulnerability Scan

 on:
   schedule:
     # Weekly on Sundays at 4 AM UTC
     - cron: '0 4 * * 0'
   workflow_dispatch:

 permissions:
   contents: read

 jobs:
   owasp-check:
     if: github.repository == 'apache/camel'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Set up JDK 21
         uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '21'
           cache: 'maven'
       - name: OWASP Dependency Check
         run: ./mvnw -B -Pdependencycheck validate -DskipTests -DnvdApiKey=${{ secrets.NVD_API_KEY }} -DnvdApiDelay=5000 -l owasp-check.log
       - name: Upload OWASP Report
         uses: actions/upload-artifact@v7
         if: always()
         with:
           name: owasp-dependency-check-report
           path: |
             **/target/dependency-check-report.html
             **/target/dependency-check-report.json
             owasp-check.log
           retention-days: 30
       - name: Job Summary
         if: always()
         run: |
           echo "## OWASP Dependency Check Results" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "The OWASP dependency check has completed." >> $GITHUB_STEP_SUMMARY
           echo "Download the artifacts for detailed HTML and JSON reports." >> $GITHUB_STEP_SUMMARY
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	name: Security Vulnerability Scan

	on:
	schedule:
	# Weekly on Sundays at 4 AM UTC
	- cron: '0 4 * * 0'
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	owasp-check:
	if: github.repository == 'apache/camel'
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v6
	with:
	persist-credentials: false
	- name: Set up JDK 21
	uses: actions/setup-java@v5
	with:
	distribution: 'temurin'
	java-version: '21'
	cache: 'maven'
	- name: OWASP Dependency Check
	run: ./mvnw -B -Pdependencycheck validate -DskipTests -DnvdApiKey=${{ secrets.NVD_API_KEY }} -DnvdApiDelay=5000 -l owasp-check.log
	- name: Upload OWASP Report
	uses: actions/upload-artifact@v7
	if: always()
	with:
	name: owasp-dependency-check-report
	path: \|
	**/target/dependency-check-report.html
	**/target/dependency-check-report.json
	owasp-check.log
	retention-days: 30
	- name: Job Summary
	if: always()
	run: \|
	echo "## OWASP Dependency Check Results" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "The OWASP dependency check has completed." >> $GITHUB_STEP_SUMMARY
	echo "Download the artifacts for detailed HTML and JSON reports." >> $GITHUB_STEP_SUMMARY