dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,688 Commits 11 Branches 78 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
neilnaveen
f3d8206a07
Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa
Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
984548ae88
Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
Nanne Baars
a42f8fcf75 No progress information for Maven 2021-12-20 16:45:06 +01:00
dependabot[bot]
48fd7f310e Bump actions/cache from 2.1.5 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-23 13:21:52 +01:00
Nanne Baars
36bdd9b1a0 Rename master to main 2021-10-30 22:50:47 +02:00
Nanne Baars
6a92f651f8 Move to Java 17 2021-10-28 21:19:05 +02:00
Nanne Baars
76af488d16 Move Github actions to same image as Docker run on 2021-10-24 13:08:52 +02:00
Nanne Baars
cc0d0fa2a6
Ignore branch builds on main repository 2021-10-24 11:51:47 +02:00
Nanne Baars
a4104fdf8b
Ignore branch builds on our repository 2021-10-24 11:43:03 +02:00
Nanne Baars
720414eba6
Ignore branch builds on our repository 2021-10-24 11:40:13 +02:00
Nanne Baars
541c424eb9
Ignore branch builds on our repository 2021-10-24 11:36:35 +02:00
Nanne Baars
b0174a6b26
Revert all GH actions work 2021-10-24 10:20:27 +02:00
Nanne Baars
01d3453c41 Simplify Github actions 
Consolidate build steps to 1 script this way we don't run multiple builds for pushing a branch and create a PR.
 2021-10-24 09:30:00 +02:00
Nanne Baars
dc71975f27 No need to do mvn clean 2021-10-02 17:49:42 +02:00
Nanne Baars
b79a9c6b2c Build should use Java 16 2021-10-02 17:49:42 +02:00
Nanne Baars
5adf1d1dd7
Renaming the actions 2021-09-30 17:11:08 +02:00