This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Override the netty dependency to fix CVE-2023-44487 (#532) #298


# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: build
on:
  push:
    branches: [ master ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ master ]
  schedule:
    - cron: '0 19 * * 0'
jobs:
  build:
    name: Build
    runs-on: "ubuntu-20.04"
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Build an image from Dockerfile
        run: |
          ./gradlew --no-daemon --parallel build -x test distDocker
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
        with:
          image-ref: 'consensys/ethsigner:develop'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'trivy-results.sarif'