build(deps): bump org.owasp:dependency-check-maven in /xml #1353

	---
	name: Docker Hub

	on:
	push:
	schedule:
	- cron: "0 0 * * 0"
	workflow_dispatch:

	permissions: {}

	jobs:
	dockerhub:
	if: startsWith(github.ref, 'refs/heads/')
	runs-on: ubuntu-latest
	strategy:
	matrix:
	platform: ["linux/amd64", "linux/arm64"]
	tag: ["main", "latest"]
	steps:
	- name: Set IMAGE
	shell: bash
	run: \|
	set -euo pipefail
	IFS=$'\n\t'
	echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Pull the ${{ matrix.tag }} ${{ matrix.platform }} image
	shell: bash
	run: \|
	set -euo pipefail
	IFS=$'\n\t'
	docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}"
	- name: Pull the ${{ matrix.tag }} ${{ matrix.platform }} image SBOM
	shell: bash
	run: \|
	set -euo pipefail
	IFS=$'\n\t'
	docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
	- name: Install cosign
	uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
	- name: Verify the ${{ matrix.tag }} image signature
	shell: bash
	run: \|
	set -euo pipefail
	IFS=$'\n\t'
	cosign verify "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}" --certificate-identity-regexp "https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'

Provide feedback