Merge pull request #80 from siemens/update-dependency-checker

Update OWASP dependency check plugin to version 9.0.7 using NVD API Key
siemens · Jan 12, 2024 · 7bbd218 · 7bbd218
2 parents b0e4dec + 966aff5
commit 7bbd218
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -56,6 +56,14 @@ jobs:
         with:
           java-version: 11
           distribution: 'temurin'
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
       - name: Analyze dependencies
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_TOKEN }}
         # this will run the OWASP dependency checker only
         run: mvn -B verify -DskipTests -Dgpg.skip
diff --git a/pom.xml b/pom.xml
@@ -130,7 +130,7 @@
 			<plugin>
 				<groupId>org.owasp</groupId>
 				<artifactId>dependency-check-maven</artifactId>
-				<version>8.4.3</version>
+				<version>9.0.7</version>
 				<executions>
 					<execution>
 						<goals>