| author | Albin <albin@mullvad.net> | 2021-12-20 15:56:52 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2021-12-20 15:56:52 +0100 |
| commit | 76f10411cdbc2167fd82b794186efe8b433721d0 (patch) | |
| tree | 9b6be060aa5574674e30dc2c646388af83514cfb | |
| parent | 01c39c0a8d173dc160278fe521706cb4fb087c57 (diff) | |
| parent | 3c999c033317d98865347545c0c75d3b85d42600 (diff) | |
Merge branch 'add-android-dependency-audit'
| -rw-r--r-- | .github/workflows/android-audit.yml | 15 | ||||
| -rw-r--r-- | android/app/build.gradle | 8 | ||||
| -rw-r--r-- | android/build.gradle | 6 |
3 files changed, 29 insertions, 0 deletions
diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml
new file mode 100644
index 0000000000..4c6c17d006
--- /dev/null
+++ b/.github/workflows/android-audit.yml
@@ -0,0 +1,15 @@
+name: Android audit
+on:
+ push:
+ paths:
+ - .github/workflows/android-audit.yml
+ - android/**
+ workflow_dispatch:
+jobs:
+ owasp-dependency-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: |
+ cd android
+ ./gradlew dependencyCheckAnalyze
diff --git a/android/app/build.gradle b/android/app/build.gradle
index 6af629ec56..95f3b40d55 100644
--- a/android/app/build.gradle
+++ b/android/app/build.gradle
@@ -110,6 +110,14 @@ android {
 }
 }
+dependencyCheck {
+ // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
+ // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
+ // path. The alternative would be to suppress specific CVEs, however that could potentially
+ // result in suppressed CVEs in project compilation class path.
+ skipConfigurations += 'lintClassPath'
+}
+
 tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).all {
 kotlinOptions {
 allWarningsAsErrors = false
diff --git a/android/build.gradle b/android/build.gradle
index 46b04e49d7..dd148cccb1 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -19,6 +19,8 @@ buildscript {
 classpath "com.android.tools.build:gradle:4.1.3"
 classpath "com.github.triplet.gradle:play-publisher:2.7.5"
 classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
+ classpath "org.owasp:dependency-check-gradle:6.5.0.1"
+
 }
 }
@@ -27,6 +29,10 @@ allprojects {
 google()
 mavenCentral()
 }
+ apply plugin: 'org.owasp.dependencycheck'
+ dependencyCheck {
+ failBuildOnCVSS = 0 // All severity levels
+ }
 }
 task clean(type: Delete) { |
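Review bot: The comment above `skipConfigurations += 'lintClassPath'` in android/app/build.gradle explains why the configuration is skipped but not what is left unaudited. The lint tooling jars still execute on developer and CI machines, so their CVEs remain a build-environment risk even if they never ship in the APK. I would record that in the comment, e.g. `// Accepted risk: lint tooling runs at build time only; re-check this skip when the Android Gradle plugin is upgraded.` In the same comment, "that has been flagged" should read "that have been flagged".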
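Review bot: In the second hunk of android/build.gradle, `failBuildOnCVSS = 0` fails the build on every finding, but the block sets no `suppressionFile`. A triaged false positive can then only be handled by skipping a whole configuration, as the app module does for lintClassPath, or by raising the threshold for all projects. Consider adding `suppressionFile = "$rootDir/<suppressions-file-placeholder>.xml"` with a justification per entry, so triage decisions are narrow and reviewable. The comment `// All severity levels` could also say that the job is expected to go red when a new CVE is published for an unchanged dependency. The `allprojects` block starts outside the hunk.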
