testing owasp dc (#73)

WingZer0o · web-flow · commit e6252a09afd8 · 2026-03-22T09:25:11.000-04:00
diff --git a/.github/workflows/dependency-scan.yml b/.github/workflows/dependency-scan.yml
@@ -1,4 +1,4 @@
-name: Dependency Scan
+name: OWASP Dependency Scan
 
 on:
   pull_request:
@@ -15,45 +15,48 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Rust
-      uses: dtolnay/rust-toolchain@stable
-
-    - name: Generate lockfile when missing
-      run: |
-        if [ ! -f Cargo.lock ]; then
-          cargo generate-lockfile
-        fi
-
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: "20"
-
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: "3.11"
-
-    - name: Install OWASP scanning tools
-      run: |
-        npm install -g @cyclonedx/cdxgen
-        python -m pip install --upgrade pip
-        pip install owasp-depscan
-
-    - name: Create reports directory
-      run: mkdir -p reports
-
-    - name: Generate CycloneDX SBOM
-      run: cdxgen -t rust -o reports/sbom.json .
-
-    - name: Run OWASP dep-scan
-      run: depscan --bom reports/sbom.json --reports-dir reports
-
-    - name: Upload dependency scan reports
-      uses: actions/upload-artifact@v4
-      if: always()
-      with:
-        name: dependency-scan-reports
-        path: reports/
+      - uses: actions/checkout@v4
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Generate lockfile when missing
+        run: |
+          if [ ! -f Cargo.lock ]; then
+            cargo generate-lockfile
+          fi
+
+      - name: Build the project
+        run: cargo build --release --verbose
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "24"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install OWASP scanning tools
+        run: |
+          npm install -g @cyclonedx/cdxgen
+          python -m pip install --upgrade pip
+          pip install owasp-depscan
+
+      - name: Create reports directory
+        run: mkdir -p reports
+
+      - name: Generate CycloneDX SBOM
+        run: cdxgen -t rust -o reports/sbom.json .
+
+      - name: Run OWASP dep-scan
+        run: depscan --bom reports/sbom.json --reports-dir reports
+
+      - name: Upload dependency scan reports
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: dependency-scan-reports
+          path: reports/
