diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
deleted file mode 100644
index dda5841..0000000
--- a/.github/actions/scan-with-blackduck/action.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-name: Scan with BlackDuck
-description: Scans the project with BlackDuck
-
-inputs:
- blackduck_token:
- description: The token to use for BlackDuck authentication
- required: true
- github_token:
- description: The token to use for GitHub authentication
- required: true
- java-version:
- description: The version of Java to use
- default: "17"
- required: false
- maven-version:
- description: The Maven version the build shall run with.
- required: true
- scan_mode:
- description: The scan mode to use (FULL or RAPID)
- default: 'RAPID'
- required: false
-
-runs:
- using: composite
- steps:
- - name: Set up Java ${{ inputs.java-version }}
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
- with:
- java-version: ${{ inputs.java-version }}
- distribution: sapmachine
- cache: maven
-
- - name: Set up Maven ${{ inputs.maven-version }}
- uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
- with:
- maven-version: ${{ inputs.maven-version }}
-
- - name: Get Revision
- id: get-revision
- run: |
- echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT
- shell: bash
-
- - name: BlackDuck Security Scan
- uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0
- with:
- blackducksca_url: https://sap.blackducksoftware.com/
- blackducksca_token: ${{ inputs.blackduck_token }}
- blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }}
- github_token: ${{ inputs.github_token }}
- detect_args: >
- --detect.project.name=com.sap.cds.feature.console
- --detect.project.version.name=${{ steps.get-revision.outputs.REVISION }}
- --detect.included.detector.types=MAVEN
- --detect.excluded.directories=**/node_modules,**/*test*,**/localrepo,**/target/site,**/*-site.jar,**/samples/**
- --detect.tools=DETECTOR,BINARY_SCAN
- --detect.risk.report.pdf=false
- --logging.level.detect=INFO
- env:
- BLACKDUCKSCA_TOKEN: ${{ inputs.blackduck_token }}
- BLACKDUCKSCA_URL: https://sap.blackducksoftware.com/
- BLACKDUCK_API_TOKEN: ${{ inputs.blackduck_token }}
diff --git a/.github/actions/scan-with-codeql/action.yml b/.github/actions/scan-with-codeql/action.yml
deleted file mode 100644
index 88e7f91..0000000
--- a/.github/actions/scan-with-codeql/action.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Scan with CodeQL
-description: Scans the project with CodeQL
-
-inputs:
- java-version:
- description: The Java version to use for the build.
- required: true
- maven-version:
- description: The Maven version to use for the build.
- required: true
-
-runs:
- using: composite
- steps:
- - name: Set up Java ${{ inputs.java-version }}
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
- with:
- java-version: ${{ inputs.java-version }}
- distribution: sapmachine
- cache: maven
-
- - name: Set up Maven ${{ inputs.maven-version }}
- uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
- with:
- maven-version: ${{ inputs.maven-version }}
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4
- with:
- languages: java-kotlin
- build-mode: manual
- queries: security-extended
-
- - name: Install @sap/cds-dk
- run: npm i -g @sap/cds-dk
- shell: bash
-
- - name: Build Java code
- run: mvn clean compile -B -ntp -Dcds.install-node.skip
- shell: bash
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4
- with:
- category: "/language:java-kotlin"
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
index 14068d0..1556f2b 100644
--- a/.github/workflows/blackduck.yml
+++ b/.github/workflows/blackduck.yml
@@ -26,8 +26,13 @@ jobs:
- name: Checkout
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Scan With Black Duck
- uses: ./.github/actions/scan-with-blackduck
+ uses: cap-java/.github/actions/scan-with-blackduck@main
with:
blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
maven-version: ${{ env.MAVEN_VERSION }}
+ project-name: com.sap.cds.feature.console
+ included-modules: cds-feature-console
+ scan_mode: ${{ github.event_name == 'pull_request' && 'RAPID' || 'FULL' }}
+ rapid_compare_mode: ${{ github.event_name == 'pull_request' && 'BOM_COMPARE' || '' }}
+ excluded-dirs: '**/*test*,**/target/site'
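Review bot: The new `uses: cap-java/.github/actions/scan-with-blackduck@main` references the shared composite action by a mutable branch, so whatever lands on that branch — including a compromised or accidental change — runs in this workflow with `secrets.BLACK_DUCK_TOKEN` and `secrets.GITHUB_TOKEN` passed straight in; the same applies to `uses: cap-java/.github/actions/scan-with-codeql@main` in build.yml. The deleted local actions pinned every third-party action to a full commit SHA with a version comment (for example `uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5`), so the repository's own convention is SHA pinning. Suggest `uses: cap-java/.github/actions/scan-with-blackduck@<commit-sha> # <tag-or-date>` (placeholder, take the SHA from the shared repo) so updates are explicit, reviewable and auditable. If the shared repo is meant to be tracked continuously, at least document that choice next to the step, e.g. `# intentionally tracks main of the org-wide shared actions repo`.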
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d3de22..92fd512 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -36,8 +36,10 @@ jobs:
sonarq-token: ${{ secrets.SONAR_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: CodeQL Scan
- uses: ./.github/actions/scan-with-codeql
+ uses: cap-java/.github/actions/scan-with-codeql@main
if: matrix.java-version == '21.0.9'
with:
java-version: 21
maven-version: ${{ env.MAVEN_VERSION }}
+ language: java-kotlin
+ queries: security-extended
diff --git a/pom.xml b/pom.xml
index c751856..9d0a5ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
${java.version}
UTF-8
- 4.7.0
+ 4.9.0
https://cap.cloud.sap/docs/java
@@ -53,6 +53,14 @@
+
+ org.springframework.boot
+ spring-boot-dependencies
+ 3.5.14
+ pom
+ import
+
+
com.sap.cds
cds-services-bom
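Review bot: The added `spring-boot-dependencies` 3.5.14 import is declared before the existing `cds-services-bom` import; for `import`-scoped BOMs Maven resolves conflicts in declaration order, so Spring Boot's managed versions would win over CAP's for any artifact both BOMs manage (the XML tags are stripped in this rendering, so the exact position is inferred from the hunk). If the intent is only to pull in Spring Boot's managed versions for artifacts CAP does not cover, place the import after `cds-services-bom`; if overriding CAP's versions is intended, a short comment such as `<!-- declared before cds-services-bom on purpose: Spring Boot versions take precedence -->` would save the next reader from guessing. The enclosing `dependencyManagement` element starts and ends outside the hunk.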
@@ -77,6 +85,18 @@
import
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.84
+
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ 1.84
+
+
org.java-websocket
Java-WebSocket