chains-project · randomicecube · Mar 21, 2025 · Mar 26, 2025 · Mar 26, 2025 · Mar 28, 2025
diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml
@@ -97,3 +97,36 @@ jobs:
 
       - name: Run reproducibility check
         run: mvn clean install
+  dirty-waters:
+    runs-on:
+        ubuntu-latest
+    permissions:
+      pull-requests: write # To comment on a Pull Request
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+
+      - name: Verify action checksums
+        uses: ./.github/actions/ghasum
+
+      - name: Setup JDK17
+        uses: actions/[email protected]
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Dirty Waters Analysis
+        uses: chains-project/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          package_manager: maven
+          gradual_report: false
+          debug: true
+          config: dirty-waters.json
+
diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum
@@ -6,8 +6,10 @@ actions/[email protected] hJDiqW4455iVs8gVcWjiEbjhuvh0oXQKy9fN/BGF
 actions/[email protected] vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok=
 actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI=
 actions/[email protected] cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I=
+actions/[email protected] MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c=
 actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8=
 actions/[email protected] kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8=
+chains-project/[email protected] BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw=
 github/codeql-action@fca7ace96b7d713c7035871441bd52efbe39e27e isV5lqC6wkNvVt39ZRMEzeObQFeIfinccYsbjv7/JTc=
 github/[email protected] isV5lqC6wkNvVt39ZRMEzeObQFeIfinccYsbjv7/JTc=
 jreleaser/[email protected] Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs=

diff --git a/dirty-waters.json b/dirty-waters.json
@@ -0,0 +1,65 @@
+{
+    "ignore": {
+        "aopalliance:[email protected]": ["code_signature"],
+        "com.google.collections:[email protected]": ["code_signature"],
+        "com.google.guava:[email protected]": ["source_code_sha"],
+        "com.kohlschutter.junixsocket:[email protected]": ["code_signature"],
+        "commons-beanutils:[email protected]": ["source_code", "code_signature"],
+        "commons-chain:[email protected]": ["code_signature"],
+        "commons-cli:[email protected]": ["source_code_sha"],
+        "commons-codec:[email protected]": ["source_code_sha"],
+        "commons-codec:[email protected]": ["source_code_sha"],
+        "commons-codec:[email protected]": ["source_code_sha"],
+        "commons-digester:[email protected]": ["code_signature"],
+        "commons-io:[email protected]": ["source_code_sha"],
+        "commons-io:[email protected]": ["source_code_sha"],
+        "commons-io:[email protected]": ["source_code_sha"],
+        "commons-io:[email protected]": ["source_code_sha"],
+        "dom4j:[email protected]": ["source_code", "code_signature"],
+        "io.github.crac:[email protected]": ["source_code_sha"],
+        "io.vertx:[email protected]": ["source_code_sha"],
+        "io.vertx:[email protected]": ["source_code_sha"],
+        "io.vertx:[email protected]": ["source_code_sha"],
+        "io.vertx:[email protected]": ["source_code_sha"],
+        "jakarta.el:[email protected]": ["source_code_sha"],
+        "jakarta.interceptor:[email protected]": ["source_code_sha"],
+        "jakarta.json:[email protected]": ["source_code_sha"],
+        "javax.inject:javax.inject@1": ["code_signature"],
+        "om.kohlschutter.junixsocket:[email protected]": ["code_signature"],
+        "org.aesh:[email protected]": ["code_signature", "source_code_sha"],
+        "org.aesh:[email protected]": ["code_signature"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.commons:[email protected]": ["source_code_sha"],
+        "org.apache.httpcomponents:[email protected]": ["source_code_sha"],
+        "org.apache.httpcomponents:[email protected]": ["source_code_sha"],
+        "org.codehaus.plexus:[email protected]": ["code_signature"],
+        "org.eclipse.sisu:[email protected]": ["source_code_sha"],
+        "org.eclipse.sisu:[email protected]": ["source_code_sha"],
+        "org.iq80.snappy:[email protected]": ["source_code"],
+        "org.jboss.logging:[email protected]": ["code_signature"],
+        "org.jboss.logging:[email protected]": ["code_signature"],
+        "org.jboss.logging:[email protected]": ["code_signature"],
+        "org.jboss.logmanager:[email protected]": ["code_signature"],
+        "org.jboss.marshalling:[email protected]": ["source_code_sha"],
+        "org.jboss.slf4j:[email protected]": ["code_signature", "source_code_sha"],
+        "org.jboss.threads:[email protected]": ["code_signature"],
+        "org.jdom:[email protected]": ["source_code_sha"],
+        "org.junit.platform:[email protected]": ["source_code_sha"],
+        "org.junit.platform:[email protected]": ["source_code_sha"],
+        "org.junit.platform:[email protected]": ["source_code_sha"],
+        "org.sonatype.plexus:[email protected]": ["source_code"],
+        "org.sonatype.plexus:[email protected]": ["source_code"],
+        "org.twdata.maven:[email protected]": ["source_code_sha"],
+        "org.wildfly.common:[email protected]": ["code_signature"],
+        "oro:[email protected]": ["source_code", "code_signature"]
+    },
+    "ignore-if-parent": {
+        "com.diffplug.spotless:[email protected]": ["source_code_sha"],
+        "org.apache.maven.plugins:[email protected]": ["source_code_sha"],
+        "org.apache.maven.plugins:[email protected]": ["source_code_sha"]
+    }
+}