Skip to content

Commit 8996ccd

Browse files
ZhangJian Helhotari
ZhangJian He
authored and
lhotari
committed
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#4473)
Signed-off-by: ZhangJian He <[email protected]> (cherry picked from commit 7ab29e6)
1 parent a05bc53 commit 8996ccd

File tree

2 files changed

+6
-1
lines changed

2 files changed

+6
-1
lines changed

.github/workflows/bk-ci.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ on:
3232

3333
env:
3434
MAVEN_OPTS: -Xss1500k -Xmx1500m -Daether.connector.http.reuseConnections=false -Daether.connector.requestTimeout=60000 -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.serviceUnavailableRetryStrategy.class=standard -Dmaven.wagon.rto=60000
35+
NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
3536

3637
concurrency:
3738
group: ${{ github.workflow }}-${{ github.ref }}

pom.xml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@
193193
<maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version>
194194
<maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
195195
<maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
196-
<dependency-check-maven.version>9.2.0</dependency-check-maven.version>
196+
<dependency-check-maven.version>10.0.2</dependency-check-maven.version>
197197
<nar-maven-plugin.version>3.10.1</nar-maven-plugin.version>
198198
<os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
199199
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
@@ -1210,6 +1210,10 @@
12101210
<version>${dependency-check-maven.version}</version>
12111211
<inherited>false</inherited>
12121212
<configuration>
1213+
<!-- https://issues.apache.org/jira/projects/INFRA/issues/INFRA-26000 -->
1214+
<nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
1215+
<!-- Uncomment the following to use the NVD data feed provided by the Dependency-Check project -->
1216+
<!-- <nvdDatafeedUrl>https://jeremylong.github.io/DependencyCheck/hb_nvd/</nvdDatafeedUrl> -->
12131217
<suppressionFiles>
12141218
<suppressionFile>src/owasp-dependency-check-suppressions.xml</suppressionFile>
12151219
</suppressionFiles>

0 commit comments

Comments
 (0)