Merge pull request #55 from jaydenchee97/feature

update workflow
jaydenchee97 · Aug 30, 2024 · 4985ac0 · 4985ac0
2 parents 889ea20 + d48f1ab
commit 4985ac0
Showing 1 changed file with 24 additions and 27 deletions.
diff --git a/.github/workflows/owasp-scan.yml b/.github/workflows/owasp-scan.yml
@@ -1,4 +1,4 @@
-name: OWASP Depedency Scan
+name: OWASP Dependency Scan
 
 on:
   push:
@@ -16,30 +16,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Use Node.js ${{ matrix.node-version }}
+      - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: ${{ matrix.node-version }}
+          node-version: '18'
           cache: "npm"
-
-      - name: Install Node Modules for Amplify Functions
-        run: |
-          if [ -d amplify/backend/function/accommodationFunction/src ]; then
-            cd amplify/backend/function/accommodationFunction/src && npm install
-            cd - # Go back to the previous directory
-          fi
-          if [ -d amplify/backend/function/locationSearchApi/src ]; then
-            cd amplify/backend/function/locationSearchApi/src && npm install
-            cd -
-          fi
-          if [ -d amplify/backend/function/recommendationHandler/src ]; then
-            cd amplify/backend/function/recommendationHandler/src && npm install
-            cd -
-          fi
-          if [ -d amplify/backend/function/geocodingHandler/src ]; then
-            cd amplify/backend/function/geocodingHandler/src && npm install
-            cd -
-          fi
 
       - name: Install dependencies
         run: npm ci
@@ -55,12 +36,28 @@ jobs:
           wget https://github.com/jeremylong/DependencyCheck/releases/download/v10.0.3/dependency-check-10.0.3-release.zip
           unzip dependency-check-10.0.3-release.zip
 
-      - name: Run OWASP Dependency-Check
+      - name: Run OWASP Dependency-Check for Frontend
+        run: |
+          ./dependency-check/bin/dependency-check.sh --project UniRent --out ./dependency-report/unirent-frontend.html --scan ./ --nvdApiKey ${{ secrets.NVD_API_KEY }}
+
+      - name: Run OWASP Dependency-Check for accommodationFunction
+        run: |
+          ./dependency-check/bin/dependency-check.sh --project accommodationFunction --out ./dependency-report/accommodationFunction.html --scan .\amplify\backend\function\accommodationFunction\src --nvdApiKey ${{ secrets.NVD_API_KEY }}
+
+      - name: Run OWASP Dependency-Check for geocodingHandler 
+        run: |
+          ./dependency-check/bin/dependency-check.sh --project geocodingHandler --out ./dependency-report/geocodingHandler.html --scan .\amplify\backend\function\geocodingHandler\src --nvdApiKey ${{ secrets.NVD_API_KEY }}
+
+      - name: Run OWASP Dependency-Check for locationSearchApi 
+        run: |
+          ./dependency-check/bin/dependency-check.sh --project locationSearchApi --out ./dependency-report/locationSearchApi.html --scan .\amplify\backend\function\locationSearchApi\src --nvdApiKey ${{ secrets.NVD_API_KEY }}
+
+      - name: Run OWASP Dependency-Check for recommendationHandler 
         run: |
-          ./dependency-check/bin/dependency-check.sh --project UniRent --out ./dependency-report --scan ./
+          ./dependency-check/bin/dependency-check.sh --project recommendationHandler --out ./dependency-report/recommendationHandler.html --scan .\amplify\backend\function\recommendationHandler\src --nvdApiKey ${{ secrets.NVD_API_KEY }}
 
-      - name: Upload Dependency-Check Report
+      - name: Upload Dependency-Check Reports
         uses: actions/upload-artifact@v3
         with:
-          name: dependency-check-report
-          path: ./dependency-report/dependency-check-report.html
+          name: dependency-check-reports
+          path: ./dependency-report/