Update dependency-check to 9.0.10 (#691)

Leverage NVD Api Key from GH organization secrets

Author: kwin

.github/workflows/maven.yml

@@ -4,6 +4,7 @@ on: [push, pull_request]
 
 jobs:
   build:
+    name: ${{ matrix.isMainBuildEnv && 'Primary Build' || 'Secondary Build' }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macOS-latest]
@@ -38,19 +39,23 @@ jobs:
       - name: Build and Analyse with Maven
         if: github.ref != 'refs/heads/develop' && matrix.isMainBuildEnv
         env: 
+          # NVD API key used by dependency-check
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
           # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           # Needed to get some information about the pull request, if any
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: mvn -e -B -V -Pintegration-tests clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=Netcentric_accesscontroltool -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pdependency-check,coverage-report
+        run: mvn -e -B -V clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=Netcentric_accesscontroltool -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -DnvdApiKeyEnvironmentVariable=NVD_API_KEY -Pdependency-check,coverage-report,integration-tests
 
       - name: Build, Analyse and Deploy with Maven
         if: github.ref == 'refs/heads/develop' && matrix.isMainBuildEnv
         env: 
+          # NVD API key used by dependency-check
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
           MAVEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USER }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
           # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           # Needed to get some information about the pull request, if any
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: mvn -e -B -V -Pintegration-tests clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=Netcentric_accesscontroltool -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pdependency-check,coverage-report
+        run: mvn -e -B -V clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=Netcentric_accesscontroltool -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -DnvdApiKeyEnvironmentVariable=NVD_API_KEY -Pdependency-check,coverage-report,integration-tests

pom.xml

@@ -420,9 +420,8 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>8.1.0</version>
+                    <version>9.0.10</version>
                     <configuration>
-                        <cveValidForHours>24</cveValidForHours>
                         <failBuildOnCVSS>11</failBuildOnCVSS>
                         <skipProvidedScope>true</skipProvidedScope>
                         <skipSystemScope>true</skipSystemScope>