[Snyk] Upgrade org.apache.tomcat.embed:tomcat-embed-core from 11.0.2 to 11.0.4 #27

Workflow file for this run

	name: CI/CD Pipeline with DevSecOps

	on:
	pull_request:
	branches:
	- master
	types:
	- opened
	- synchronize
	- reopened

	jobs:
	# Build and Test
	build_and_test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up Java
	uses: actions/setup-java@v4
	with:
	java-version: '23'
	distribution: 'temurin'

	- name: Build and Test with Maven
	run: \|
	mvn clean install
	mvn test

	- name: Create JAR File
	run: mvn clean package

	- name: Upload Build Artifact
	uses: actions/upload-artifact@v3
	with:
	name: build-artifact
	path: target/*.jar

	static_code_analysis:
	runs-on: ubuntu-latest
	needs: build_and_test
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up Java
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: '23'

	- name: Build the project
	run: mvn clean install -DskipTests

	- name: Cache SonarQube packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@v4
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2
	- name: Build and analyze
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=yashsahsani_Learning-SpringBoot


	# Security Scanning
	security_scanning:
	runs-on: ubuntu-latest
	needs: build_and_test
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Snyk Dependency Scan
	uses: snyk/actions/setup@master
	- name: Run Snyk Test
	run: snyk test --all-projects --severity-threshold=high
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Monitor the project on Snyk
	run: snyk monitor --all-projects
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Scan for Vulnerable Dependencies with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	severity: 'CRITICAL,HIGH'
	ignore-unfixed: true

	# Docker Image Build and Scan
	docker_build_and_scan:
	runs-on: ubuntu-latest
	needs: [build_and_test, security_scanning,static_code_analysis]
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Set up Docker Hub Credentials
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Build Docker Image
	run: docker build -t ${{ secrets.DOCKER_USERNAME }}/spring-learning:${{ github.sha }} .

	# - name: Snyk Docker Image Scan
	# uses: snyk/actions/docker@master
	# with:
	# image: ${{ secrets.DOCKER_USERNAME }}/spring-learning:${{ github.sha }}
	# args: --severity-threshold=high
	# env:
	# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Scan Docker Image with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ secrets.DOCKER_USERNAME }}/spring-learning:${{ github.sha }}
	severity: 'CRITICAL,HIGH'
	ignore-unfixed: true

	- name: Push Docker Image to Docker Hub
	run: docker push ${{ secrets.DOCKER_USERNAME }}/spring-learning:${{ github.sha }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade org.apache.tomcat.embed:tomcat-embed-core from 11.0.2 to 11.0.4 #27

Workflow file

[Snyk] Upgrade org.apache.tomcat.embed:tomcat-embed-core from 11.0.2 to 11.0.4 #27

Uh oh!

Workflow file for this run