OWASP dependency check (daily) #648

	# the benefit of this over renovate is that this also analyzes transitive dependencies
	# while renovate (at least currently) only analyzes top-level dependencies
	name: OWASP dependency check (daily)

	on:
	schedule:
	- cron: '30 1 * * *'
	workflow_dispatch:

	jobs:
	analyze:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-java@v4
	with:
	distribution: temurin
	java-version: 17

	- name: Set up gradle
	uses: gradle/actions/setup-gradle@v4
	- name: Check dependencies
	run: ./gradlew dependencyCheckAnalyze

	- name: Upload report
	if: always()
	uses: actions/upload-artifact@v4
	with:
	path: javaagent/build/reports

Provide feedback