siemens
diff --git a/‎.github/dependabot.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/dependabot.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/testForLicenseHeaders.sh‎
Lines changed: 1 addition & 0 deletions b/‎.github/testForLicenseHeaders.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/build_and_test.yml‎
Lines changed: 14 additions & 14 deletions b/‎.github/workflows/build_and_test.yml‎
Lines changed: 14 additions & 14 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/docker_deploy.yml‎
Lines changed: 0 additions & 186 deletions b/‎.github/workflows/docker_deploy.yml‎
Lines changed: 0 additions & 186 deletions
diff --git a/‎.github/workflows/scorecard.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/scorecard.yml‎
Lines changed: 4 additions & 4 deletions
@@ -3,14 +3,14 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
 
   - package-ecosystem: docker
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
 
   - package-ecosystem: maven
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
@@ -40,6 +40,7 @@ done <<< "$(git ls-files \
     | grep -v 'id_rsa' \
     | grep -v '.versions' \
     | grep -v '.github/*' \
+    | grep -v 'third-party/*' \
     | grep -v 'scripts/lint/checkstyle.xml' \
     | grep -v 'scripts/lint/google_checks.xml' \
     | grep -v 'sw360.code-workspace' \
 
@@ -1,5 +1,6 @@
 # -----------------------------------------------------------------------------
 # Copyright Siemens AG, 2021.
+# Copyright Helio Chissini de Castro 2022-2025
 # Part of the SW360 Portal Project.
 #
 # This program and the accompanying materials are made
@@ -14,16 +15,20 @@ name: SW360 Build and Test
 
 on:
   pull_request:
-    branches: [main]
+    branches:
+      - main
     paths-ignore:
-      - "**.md"
-      - ".github/workflows/docker_deploy.yml"
-      - ".github/workflows/scorecard.yml"
+      - third-party/**
+      - Dockerfile
+      - docker_build.sh
+      - .github/sw360_container.yml
+      - .github/thrift_container.yml
   workflow_dispatch:
 
 env:
   COUCHDB_USER: sw360
   COUCHDB_PASSWORD: sw360fossie
+  THRIFT_VERSION: "0.20.0"
 
 permissions:
   contents: read
@@ -35,7 +40,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
@@ -47,10 +52,6 @@ jobs:
           chmod +x .github/testForLicenseHeaders.sh
           bash .github/testForLicenseHeaders.sh
 
-      - name: Set environment variables
-        run: |
-          cat .versions >> $GITHUB_ENV
-
       - name: Setup CouchDB
         run: scripts/startCouchdbForTests.sh
 
@@ -62,16 +63,15 @@ jobs:
           sudo sed -i 's/^couchdb.password\s*=/& '${COUCHDB_PASSWORD}'/' /etc/sw360/couchdb-test.properties
 
       - name: Set up JDK 21
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           java-version: "21"
           distribution: "temurin"
           check-latest: true
-          cache: "maven"
 
       - name: Cache Thrift
         id: cache-thrift
-        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: |
             ${{ github.workspace }}/dist/thrift-${{ env.THRIFT_VERSION }}
@@ -84,8 +84,8 @@ jobs:
         run: |
           sudo apt-get update -qq
           sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq build-essential libevent-dev libtool flex bison pkg-config libssl-dev git cmake
-          chmod +x scripts/install-thrift.sh
-          DESTDIR=${{ github.workspace }}/dist/thrift-${{ env.THRIFT_VERSION }} scripts/install-thrift.sh
+          chmod +x third-party/thrift/install-thrift.sh
+          DESTDIR=${{ github.workspace }}/dist/thrift-${{ env.THRIFT_VERSION }} third-party/thrift/install-thrift.sh
 
       - name: Build SW360
         run: |
 
@@ -59,7 +59,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
@@ -68,7 +68,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -96,6 +96,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
         with:
           category: "/language:${{matrix.language}}"
@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
@@ -41,20 +41,20 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
         with:
           sarif_file: results.sarif