diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..c93b5a2
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,57 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ schedule:
+ - cron: '18 22 * * 6'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: create checksum file
+ uses: hypertrace/github-actions/checksum@main
+
+ - name: create checksum file
+ uses: hypertrace/github-actions/checksum@main
+
+ - name: Cache packages
+ uses: actions/cache@v2
+ with:
+ path: ~/.gradle
+ key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
+ restore-keys: |
+ gradle-packages-${{ runner.os }}-${{ github.job }}
+ gradle-packages-${{ runner.os }}
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
index dcc90ae..7204ebd 100644
--- a/platform-metrics/build.gradle.kts
+++ b/platform-metrics/build.gradle.kts
@@ -11,7 +11,7 @@ tasks.test {
 dependencies {
 api("com.typesafe:config:1.4.1")
- api("io.dropwizard.metrics:metrics-core:4.1.16")
+ api("io.dropwizard.metrics:metrics-core:4.2.9")
 api("io.micrometer:micrometer-core:1.5.3")
 api("javax.servlet:javax.servlet-api:3.1.0")
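Review bot: The `create checksum file` step appears twice in a row (both `uses: hypertrace/github-actions/checksum@main`), so the second invocation only repeats the first; drop one of them. That action is also pulled from the mutable `main` ref while every other step is pinned to a release tag (`@v2`/`@v3`), so its contents can change underneath this workflow without any commit in this repository; pinning it to a tag or full commit SHA keeps the CodeQL job reproducible and makes the step reviewable. The `actions/cache@v2` pin is one major behind the `actions/checkout@v3` used alongside it, which may be worth aligning the next time the file is touched. The explicit `permissions` block scoped to `security-events: write` is the right shape for the result upload done by `codeql-action/analyze`.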
@@ -19,11 +19,11 @@ dependencies {
 implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.0")
 implementation("org.slf4j:slf4j-api:1.7.30")
- implementation("io.dropwizard.metrics:metrics-jvm:4.1.16")
+ implementation("io.dropwizard.metrics:metrics-jvm:4.2.9")
 implementation("io.prometheus:simpleclient_dropwizard:0.12.0")
 implementation("io.prometheus:simpleclient_servlet:0.12.0")
 implementation("io.prometheus:simpleclient_pushgateway:0.12.0")
- implementation("org.eclipse.jetty:jetty-servlet:9.4.44.v20210927")
+ implementation("org.eclipse.jetty:jetty-servlet:9.4.46.v20220331")
 implementation ("com.google.guava:guava:30.1.1-jre")
 testImplementation("org.junit.jupiter:junit-jupiter:5.7.1")
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
index 4c134e5..0e4505a 100644
--- a/platform-service-framework/build.gradle.kts
+++ b/platform-service-framework/build.gradle.kts
@@ -17,8 +17,8 @@ dependencies {
 api("com.typesafe:config:1.4.1")
 // Use for thread dump servlet
- implementation("io.dropwizard.metrics:metrics-servlets:4.2.8")
- implementation("org.eclipse.jetty:jetty-servlet:9.4.44.v20210927")
+ implementation("io.dropwizard.metrics:metrics-servlets:4.2.9")
+ implementation("org.eclipse.jetty:jetty-servlet:9.4.46.v20220331")
 // Use for metrics servlet
 implementation("io.prometheus:simpleclient_servlet:0.12.0")
@@ -30,11 +30,15 @@ dependencies {
 implementation("commons-codec:commons-codec:1.15") {
 because("version 1.12 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518")
 }
+ implementation("com.fasterxml.jackson.core:jackson-databind:2.12.6.1") {
+ because("version 2.12.6 has vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244")
+ }
+
 }
 testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.17.0")
 testImplementation("org.junit.jupiter:junit-jupiter:5.7.1")
 testImplementation("org.mockito:mockito-core:3.8.0")
- testImplementation("org.eclipse.jetty:jetty-servlet:9.4.44.v20210927:tests")
- testImplementation("org.eclipse.jetty:jetty-http:9.4.44.v20210927:tests")
+ testImplementation("org.eclipse.jetty:jetty-servlet:9.4.46.v20220331:tests")
+ testImplementation("org.eclipse.jetty:jetty-http:9.4.46.v20220331:tests")
 }
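Review bot: The new jackson-databind entry appears to be followed by an empty added line right before the closing brace of the block it sits in, which leaves a stray blank line inside that block; drop it so the entry ends like the commons-codec one above. The `because()` text names only 2.12.6, whereas the constraint raises every lower version of jackson-databind to 2.12.6.1, so `because("versions before 2.12.6.1 have a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244")` states what it enforces more accurately. The block containing both entries opens outside the hunk; if it is a `constraints` block, as the nested closing brace suggests, it only takes effect when jackson-databind is already on the dependency graph transitively, which is worth a one-line comment above the entry such as `// jackson-databind is transitive; force the patched release`. The enclosing `dependencies` block also starts outside the hunk.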