55 setup owasp zap for online banking appe8 #40

	# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
	# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

	name: Java CI with Maven

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]

	jobs:
	build:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: maven
	- name: Build with Maven
	run: mvn clean install


	security-scan:
	runs-on: ubuntu-latest
	needs: build # Ensures that the security scan runs only if the build job succeeds

	steps:
	# Step 1: Checkout code
	- name: Checkout code
	uses: actions/checkout@v4

	# Step 2: Set up Java
	- name: Set up Java 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	# Step 3: Run OWASP Dependency Check
	- name: Run OWASP Dependency-Check
	run: mvn dependency-check:check

	# Step 5: Check for CVSS issues
	- name: Fail the build if critical vulnerabilities found
	run: \|
	# Search the ZAP report for vulnerabilities with CVSS >= 5.0 (critical)
	if grep -qP 'CVSS: 5\.[0-9]*' target/dependency-check-report.html; then
	echo "Critical vulnerabilities (CVSS >= 5.0) found. Failing the build."
	exit 1
	fi

	#Add pmd check

Provide feedback