[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#…

…4473) Signed-off-by: ZhangJian He <shoothzj@gmail.com>
apache · Jul 29, 2024 · 7ab29e6 · 7ab29e6
1 parent 5662524
commit 7ab29e6
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
@@ -32,6 +32,7 @@ on:
 
 env:
   MAVEN_OPTS: -Xss1500k -Xmx1500m -Daether.connector.http.reuseConnections=false -Daether.connector.requestTimeout=60000 -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.serviceUnavailableRetryStrategy.class=standard -Dmaven.wagon.rto=60000
+  NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

diff --git a/.github/workflows/owasp-daily-build.yml b/.github/workflows/owasp-daily-build.yml
@@ -21,6 +21,9 @@ on:
     - cron: '0 0 * * *'  # Runs at 00:00 UTC every day
   workflow_dispatch:
 
+env:
+  NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
+
 jobs:
   owasp-daily-build:
     name: OWASP Dependency Check

diff --git a/pom.xml b/pom.xml
@@ -192,7 +192,7 @@
     <maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version>
     <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
     <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
-    <dependency-check-maven.version>9.2.0</dependency-check-maven.version>
+    <dependency-check-maven.version>10.0.2</dependency-check-maven.version>
     <nar-maven-plugin.version>3.10.1</nar-maven-plugin.version>
     <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
     <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
@@ -1169,6 +1169,10 @@
             <version>${dependency-check-maven.version}</version>
             <inherited>false</inherited>
             <configuration>
+              <!-- https://issues.apache.org/jira/projects/INFRA/issues/INFRA-26000 -->
+              <nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
+              <!-- Uncomment the following to use the NVD data feed provided by the Dependency-Check project -->
+              <!-- <nvdDatafeedUrl>https://jeremylong.github.io/DependencyCheck/hb_nvd/</nvdDatafeedUrl> -->
               <suppressionFiles>
                 <suppressionFile>src/owasp-dependency-check-suppressions.xml</suppressionFile>
               </suppressionFiles>