html reporting - part 1 #141
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Repo tests | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}" | |
| cancel-in-progress: true | |
| jobs: | |
| os-repo-tests: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: ['ubuntu-24.04', 'ubuntu-24.04-arm', 'macos-15', 'windows-latest'] | |
| python-version: ['3.10', '3.11', '3.12', '3.13'] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'hoolicorp/java-sec-code' | |
| path: 'repotests/java-sec-code' | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'wix/greyhound' | |
| path: 'repotests/greyhound' | |
| ref: '385bb84a6f712ee18064a3b5ecb8d9dcbc1c75f3' | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'HooliCorp/vulnerable-aws-koa-app' | |
| path: 'repotests/vulnerable-aws-koa-app' | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'microsoft/dotnet-podcasts' | |
| path: 'repotests/dotnet-podcasts' | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.23' | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '23.x' | |
| - uses: sbt/setup-sbt@v1 | |
| - name: Setup Android SDK | |
| uses: android-actions/setup-android@v3 | |
| with: | |
| packages: 'platform-tools' | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: '3.4.4' | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.x' | |
| - name: Trim CI agent | |
| run: | | |
| chmod +x contrib/free_disk_space.sh | |
| ./contrib/free_disk_space.sh | |
| if: ${{ matrix.os != 'windows-latest' }} | |
| - name: Install depscan | |
| run: | | |
| uv sync --all-extras --all-packages --dev | |
| uv pip install -U "huggingface_hub[cli]" | |
| npm install -g @cyclonedx/cdxgen | |
| - name: repotests java-sec-code | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code1 ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code2 | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code -t java --bom-engine CdxgenGenerator | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code1 --profile research -t java --bom-engine CdxgenGenerator --reachability-analyzer FrameworkReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/java-sec-code2 --profile research -t java --bom-engine CdxgenGenerator --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| env: | |
| BLINTDB_HOME: ${{ runner.temp }}/blintdb-home | |
| - name: repotests dotnet-podcasts | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts1 ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts2 | |
| dotnet build ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts/NetPodcast.Services.sln | |
| dotnet build ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts/NetPodcast.sln | |
| dotnet build ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts/Podcast.Web.sln | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts -t dotnet --bom-engine CdxgenGenerator | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts1 --profile research -t dotnet --bom-engine CdxgenGenerator --reachability-analyzer FrameworkReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/dotnet-podcasts --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/dotnet-podcasts2 --profile research -t dotnet --bom-engine CdxgenGenerator --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| env: | |
| BLINTDB_HOME: ${{ runner.temp }}/blintdb-home | |
| - name: repotests vulnerable-aws-koa-app | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/vulnerable-aws-koa-app | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/vulnerable-aws-koa-app --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/vulnerable-aws-koa-app -t js --bom-engine CdxgenGenerator | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/vulnerable-aws-koa-app --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/vulnerable-aws-koa-app -t js --bom-engine CdxgenGenerator --reachability-analyzer FrameworkReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/vulnerable-aws-koa-app --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/vulnerable-aws-koa-app -t js --bom-engine CdxgenGenerator --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| env: | |
| BLINTDB_HOME: ${{ runner.temp }}/blintdb-home | |
| - name: repotests Signal-Android | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/Signal-Android | |
| uv run huggingface-cli download AppThreat/ukaina --include "java/Signal-Android/*.json" --exclude "java/Signal-Android/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Android | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/Signal-Android --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Android --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Android --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests dependency-track | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/dependency-track | |
| uv run huggingface-cli download AppThreat/ukaina --include "java/dependency-track/*.json" --exclude "java/dependency-track/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/dependency-track | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --reachability-analyzer SemanticReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/dependency-track --reachability-analyzer SemanticReachability --explain --explanation-mode NonReachables | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests kafka-4.0.0-src | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/kafka-4.0.0-src | |
| uv run huggingface-cli download AppThreat/ukaina --include "java/kafka-4.0.0-src/*.json" --exclude "java/kafka-4.0.0-src/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/kafka-4.0.0-src | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/kafka-4.0.0-src --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/kafka-4.0.0-src --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/kafka-4.0.0-src --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests cdxgen | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/cdxgen | |
| uv run huggingface-cli download AppThreat/ukaina --include "js/cdxgen/*.json" --exclude "js/cdxgen/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/cdxgen | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --reachability-analyzer SemanticReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/cdxgen --reachability-analyzer SemanticReachability --explain --explanation-mode NonReachables | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests Signal-Desktop | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/Signal-Desktop | |
| uv run huggingface-cli download AppThreat/ukaina --include "js/Signal-Desktop/*.json" --exclude "js/Signal-Desktop/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Desktop | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/Signal-Desktop --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Desktop --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/Signal-Desktop --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests forgejo | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/forgejo | |
| uv run huggingface-cli download AppThreat/ukaina --include "js/forgejo/*.json" --exclude "js/forgejo/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/forgejo | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/forgejo --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/forgejo --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/forgejo --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests biome | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/biome | |
| uv run huggingface-cli download AppThreat/ukaina --include "rust/biome/*.json" --exclude "rust/biome/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/biome | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/biome --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/biome --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/biome --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests rustdesk | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/rustdesk | |
| uv run huggingface-cli download AppThreat/ukaina --include "rust/rustdesk/*.json" --exclude "rust/rustdesk/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/rustdesk | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/rustdesk --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/rustdesk --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/rustdesk --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests rustpad | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/rustpad | |
| uv run huggingface-cli download AppThreat/ukaina --include "rust/rustpad/*.json" --exclude "rust/rustpad/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/rustpad | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/rustpad --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/rustpad --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/rustpad --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests django-DefectDojo | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo | |
| uv run huggingface-cli download AppThreat/ukaina --include "python/django-DefectDojo/*.json" --exclude "python/django-DefectDojo/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reachability-analyzer SemanticReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reachability-analyzer SemanticReachability --explain --explanation-mode Endpoints | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/django-DefectDojo --reachability-analyzer SemanticReachability --explain --explanation-mode NonReachables | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests depscan | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/depscan | |
| uv run huggingface-cli download AppThreat/ukaina --include "python/depscan/*.json" --exclude "python/depscan/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/depscan --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan --reachability-analyzer SemanticReachability --explain | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/depscan --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan --reachability-analyzer SemanticReachability --explain --explanation-mode Endpoints | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests phpmyadmin | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/phpmyadmin | |
| uv run huggingface-cli download AppThreat/ukaina --include "php/phpmyadmin/*.json" --exclude "php/phpmyadmin/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/phpmyadmin | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/phpmyadmin --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/phpmyadmin --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/phpmyadmin --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests openssl-3.5.0 | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/openssl-3.5.0 | |
| uv run huggingface-cli download AppThreat/ukaina --include "c/openssl-3.5.0/*.json" --exclude "c/openssl-3.5.0/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/openssl-3.5.0 | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/openssl-3.5.0 --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/openssl-3.5.0 --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/openssl-3.5.0 --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests open5gs-2.7.5 | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/open5gs-2.7.5 | |
| uv run huggingface-cli download AppThreat/ukaina --include "c/open5gs-2.7.5/*.json" --exclude "c/open5gs-2.7.5/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/open5gs-2.7.5 | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/open5gs-2.7.5 --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/open5gs-2.7.5 --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/open5gs-2.7.5 --reachability-analyzer SemanticReachability --explain | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: repotests curl-8.13.0 | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/curl-8.13.0 | |
| uv run huggingface-cli download AppThreat/ukaina --include "c/curl-8.13.0/*.json" --exclude "c/curl-8.13.0/*.vdr.json" --repo-type dataset --local-dir ${GITHUB_WORKSPACE}/depscan_reports/curl-8.13.0 | |
| uv run depscan --src ${GITHUB_WORKSPACE}/depscan_reports/curl-8.13.0 --bom-dir ${GITHUB_WORKSPACE}/depscan_reports/curl-8.13.0 --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/curl-8.13.0 --reachability-analyzer SemanticReachability --explain --explanation-mode NonReachables | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '11' | |
| - name: repotests greyhound | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/greyhound | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/greyhound --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/greyhound -t java --bom-engine CdxgenGenerator | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| env: | |
| BLINTDB_HOME: ${{ runner.temp }}/blintdb-home | |
| os-semantics-tests: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| python-version: ['3.13'] | |
| runs-on: ['self-hosted', 'ubuntu', 'amd64'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install depscan | |
| run: | | |
| uv sync --all-extras --all-packages | |
| sudo npm install -g @cyclonedx/cdxgen @appthreat/atom --omit=optional | |
| - name: semantic analysis self | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports/depscan | |
| uv run depscan --src ${GITHUB_WORKSPACE} --reports-dir ${GITHUB_WORKSPACE}/depscan_reports/depscan -t python --bom-engine CdxgenGenerator --reachability-analyzer SemanticReachability --explain | |
| ls -lh ${GITHUB_WORKSPACE}/depscan_reports/depscan | |
| rm -rf ${GITHUB_WORKSPACE}/depscan_reports | |
| shell: bash | |
| env: | |
| DEPSCAN_SOURCE_IMAGE: ghcr.io/owasp-dep-scan/dep-scan:master | |
| CDXGEN_TIMEOUT_MS: 3600000 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: 'aboutcode-org/dejacode' | |
| path: 'repotests/dejacode' | |
| - name: semantic analysis dejacode | |
| run: | | |
| mkdir -p ${GITHUB_WORKSPACE}/depscan_reports ${GITHUB_WORKSPACE}/repotests/dejacode/reports | |
| cd ${GITHUB_WORKSPACE}/repotests/dejacode | |
| docker build -t dejacode:latest -f Dockerfile . | |
| uv pip install --find-links=thirdparty/dist/ --no-index --no-cache-dir . | |
| cd ${GITHUB_WORKSPACE} | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/dejacode --reports-dir ${GITHUB_WORKSPACE}/repotests/dejacode/reports -t python --bom-engine CdxgenGenerator --reachability-analyzer SemanticReachability --explain | |
| cp -rf ${GITHUB_WORKSPACE}/repotests/dejacode/reports ${GITHUB_WORKSPACE}/depscan_reports/dejacode | |
| uv run depscan --src ${GITHUB_WORKSPACE}/repotests/dejacode --bom-dir ${GITHUB_WORKSPACE}/repotests/dejacode/reports --reports-dir ${GITHUB_WORKSPACE}/repotests/dejacode/reports --reachability-analyzer SemanticReachability --explain --explanation-mode NonReachables | |
| cp -rf ${GITHUB_WORKSPACE}/repotests/dejacode/reports ${GITHUB_WORKSPACE}/depscan_reports/dejacode2 | |
| ls -lh ${GITHUB_WORKSPACE}/repotests/dejacode/reports | |
| shell: bash | |
| env: | |
| DEPSCAN_SOURCE_IMAGE: dejacode:latest | |
| CDXGEN_TIMEOUT_MS: 3600000 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: dejacode_reports | |
| path: depscan_reports/dejacode | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: dejacode_non_reachables | |
| path: depscan_reports/dejacode2 |