ci: vulnerability scan tweaks

lread · lread · commit fafaf206bea5 · 2024-07-01T23:09:21.000-04:00
Addendum for #125
diff --git a/.github/workflows/nvd_scanner.yml b/.github/workflows/nvd_scanner.yml
@@ -29,10 +29,13 @@ jobs:
         cli: 'latest'
         bb: 'latest'
 
-    - name: Generate Cache Key
+    - name: Generate Cache Key File
+      # go with bash instead of bb, we have not downloaded our deps yet
       run: |
-        bb --version
-        bb latest-release nvd-clojure | tee nvd_check_helper_project/nvd-clojure-version.txt
+        curl --fail -s \
+          https://clojars.org/api/artifacts/nvd-clojure | \
+          jq ".latest_release" | \
+          tee nvd_check_helper_project/nvd-clojure-version.txt
 
     - name: Restore NVD DB & Clojure Deps Cache
       # nvd caches its db under ~/.m2/repository/org/owasp so that it can
diff --git a/nvd_check_helper_project/deps.edn b/nvd_check_helper_project/deps.edn
@@ -4,4 +4,4 @@
         #_:clj-kondo/ignore
         {:mvn/version "RELEASE"}
         ;; temporarily try bumping transitive dep to current release
-        org.owasp/dependency-check-maven {:mvn/version "10.0.0"}}}
+        org.owasp/dependency-check-core {:mvn/version "10.0.0"}}}
