mercedes-benz · sven-dmlr · Sep 27, 2024 · Aug 14, 2024 · Sep 6, 2024 · Sep 9, 2024
diff --git a/.github/workflows/documentation-build.yml b/.github/workflows/documentation-build.yml
@@ -37,13 +37,13 @@ jobs:
           fetch-depth: 0
 
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -105,7 +105,7 @@ jobs:
       - name: Update documentation - Create pull request
         if: (inputs.publish-documentation != '') && (github.ref_name == env.ACTIONS_SECHUB_DOC_RELEASE_BRANCH)
         id: pr_release_documentation
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-documentation
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/github-action-scan.yml b/.github/workflows/github-action-scan.yml
@@ -4,7 +4,17 @@ name: Build SecHub GHA (scan)
 on:
   push:
     branches:
-      - 'gha_*'
+      - 'develop'
+      - 'hotfix'
+      - 'main'
+      - 'master'
+    paths:
+      - '.github/workflows/github-action-scan.yml'
+      - 'github-actions/scan/**'
+  pull_request:
+    paths:
+      - '.github/workflows/github-action-scan.yml'
+      - 'github-actions/scan/**'
   # enable manual triggering of workflow
   workflow_dispatch:
 
@@ -64,7 +74,7 @@ jobs:
           key: ${{ runner.os }}-pds-${{ env.pds_version }}
 
       - name: Set up JDK 17 (to run servers)
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin

diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -3,29 +3,46 @@ name: Java & Go CI
 
 on:
   push:
-    branches-ignore:
-      # We do NOT build github action development branches here (because no Java or Go code is changed)
-      - 'gha_*'
-      # We ignore everything where tag starts with v* - this is done by release build!
-    tags-ignore:
-      - v*
+    branches:
+      - 'develop'
+      - 'hotfix'
+      - 'main'
+      - 'master'
+    paths:
+      - '**'
+      - '!docs/**'
+      - '!github-actions/**'
+      - '!sechub-doc/**'
+      - '!sechub-website/**'
+      - '.github/workflows/gradle.yml'
+  pull_request:
+    paths:
+      - '**'
+      - '!docs/**'
+      - '!github-actions/**'
+      - '!sechub-doc/**'
+      - '!sechub-website/**'
+      - '.github/workflows/gradle.yml'
+
   # enable manual triggering of workflow
   workflow_dispatch:
 
 jobs:
   build:
+    # Skip run when triggered by a tag
+    if: ${{ github.ref_type != 'tag' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 

diff --git a/.github/workflows/publish-libraries.yml b/.github/workflows/publish-libraries.yml
@@ -28,13 +28,13 @@ jobs:
 
       # Build
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 

diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -91,13 +91,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -143,7 +143,7 @@ jobs:
       - name: Create pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash
@@ -295,7 +295,7 @@ jobs:
       # -----------------------------------------
       - name: Create pull request for release documentation
         id: pr_release_documentation
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-documentation
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-github-action.yml b/.github/workflows/release-github-action.yml
@@ -69,7 +69,7 @@ jobs:
       - name: Create pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash
@@ -130,7 +130,7 @@ jobs:
       - name: Create pull request for SecHub Github Action release
         id: pr_gha-release
         if: steps.github-actions_commit.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-github-action
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-pds-tools.yml b/.github/workflows/release-pds-tools.yml
@@ -47,13 +47,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -73,7 +73,7 @@ jobs:
       - name: Create pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-webui.yml b/.github/workflows/release-webui.yml
@@ -58,13 +58,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -91,7 +91,7 @@ jobs:
       - name: Create pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-wrapper-checkmarx.yml b/.github/workflows/release-wrapper-checkmarx.yml
@@ -37,13 +37,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -63,7 +63,7 @@ jobs:
       - name: Create a pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-wrapper-owaspzap.yml b/.github/workflows/release-wrapper-owaspzap.yml
@@ -38,13 +38,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -64,7 +64,7 @@ jobs:
       - name: Create a pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-wrapper-prepare.yml b/.github/workflows/release-wrapper-prepare.yml
@@ -37,13 +37,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -63,7 +63,7 @@ jobs:
       - name: Create a pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-wrapper-validation.yml b/.github/workflows/release-wrapper-validation.yml
@@ -37,13 +37,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -63,7 +63,7 @@ jobs:
       - name: Create a pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/.github/workflows/release-wrapper-xray.yml b/.github/workflows/release-wrapper-xray.yml
@@ -37,13 +37,13 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
@@ -63,7 +63,7 @@ jobs:
       - name: Create a pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -38,10 +38,11 @@ If you are new to contributing in Github, [First Contributions](https://github.c
 ## Create a fork
 If you would like to contribute code you can do so through Mercedes-Benz GitHub by forking the repository and sending a pull request.
 
+0. Make sure that an [issue on Github](https://github.com/mercedes-benz/sechub/issues) exists for your contribution
 1. Fork the repository at `https://github.com/mercedes-benz/sechub.git` via web UI
 2. Create a branch (e.g. "feature-868-rename-to-sechub-api-java") in your forked repository
 3. Make your changes in this branch
-4. Create a pull request from your fork via github.com web ui into our `community` branch (not `develop`!)
+4. Create a pull request from your fork via github.com web ui into our `develop` branch
 
 Inside the description it's a good way to mention the related issues with "closes #${issue number}" - this will automatically link the issue and the pull request inside the WebUI.<br>
 It also will close the linked issue automatically when the pull request is merged!

diff --git a/build.gradle b/build.gradle
@@ -30,7 +30,7 @@ plugins {
     id 'org.asciidoctor.jvm.pdf' version '3.3.2'
 
     // open api
-    id 'org.openapi.generator' version '7.7.0'
+    id 'org.openapi.generator' version '7.8.0'
 
     // spring
     id 'org.springframework.boot' version '3.2.2' apply false

diff --git a/github-actions/scan/.gitignore b/github-actions/scan/.gitignore
@@ -1 +1,2 @@
 runtime/
+dist/