Fix CVE scanning (#2561)

* Fixed CVE scan

* Added JAVA_HOME env

* Fixed versioning

* Fixed versioning

* Fixed versioning

.github/workflows/cve-scanning.yml

@@ -3,6 +3,8 @@ name: CVE Scanning for Maven
 on:
   workflow_dispatch:
   push:
+    branches:
+      - master
     paths:
       - 'pom.xml'
       - 'allow-list.xml'
@@ -14,7 +16,7 @@ on:
       - '.github/workflows/cve-scanning.yml'
 
 jobs:
-  build:
+  depcheck:
 
     runs-on: ubuntu-latest
 
@@ -29,4 +31,19 @@ jobs:
     - name: Build with Maven
       run: mvn clean install -DskipTests
     - name: CVE scanning
-      run: mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7 -DsuppressionFile="allow-list.xml"
+      uses: dependency-check/[email protected]
+      env:
+        JAVA_HOME: /opt/jdk
+      with:
+        project: 'Common Domain Model'
+        path: '.'
+        format: 'HTML'
+        out: 'reports'
+        args: >
+          --suppression allow-list.xml
+          --failOnCVSS 7
+    - name: Upload results
+      uses: actions/upload-artifact@v3
+      with:
+        name: CVE Scan Report
+        path: ${{github.workspace}}/reports

.gitignore

@@ -58,4 +58,7 @@ venv/
 # Docusaurus website
 website/.docusaurus
 website/build
-website/node_modules
+website/node_modules
+
+# CVE scan reports
+/reports/