neuhalje / bouncy-gpg

Make using Bouncy Castle with OpenPGP fun again!
https://neuhalje.github.io/bouncy-gpg/

Add GitHub Actions CI and upgrade Gradle #80

Closed xSAVIKx closed 7 months ago

xSAVIKx commented 8 months ago

In this PR I have created a simple CI workflow that we can use instead of the existing Travis CI.

As part of this PR I have also fixed deprecated Gradle features and upgraded Gradle to the latest v7.

neuhalje commented 8 months ago

Checkmarx One – Scan Summary & Details (d757206b-8f65-4075-98fc-331b491b5194)

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| MEDIUM | CVE-2019-10782 | Maven-com.puppycrawl.tools:checkstyle-8.24 | Vulnerable Package |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yaml: 34 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| HIGH | CVE-2014-0114 | Maven-commons-beanutils:commons-beanutils-1.9.3 |
| HIGH | CVE-2019-10086 | Maven-commons-beanutils:commons-beanutils-1.9.3 |
| MEDIUM | CVE-2018-10237 | Maven-com.google.guava:guava-22.0 |
| MEDIUM | CVE-2019-9658 | Maven-com.puppycrawl.tools:checkstyle-8.1 |