Update owasp plugin to 11.1.1

2024-12-11 13:54:49 -05:00 · 2024-12-11 13:54:49 -05:00 · fec504a024
parent d111d045ef
commit fec504a024
2 changed files with 10 additions and 3 deletions
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@ -17,10 +17,16 @@ jobs:
    - name: Checkout repository
      uses: actions/checkout@v4

-    - run: |
+    - env:
+        NVD_API_KEY:
+          ${{ secrets.NVD_API_KEY }}
+      run: |
        mvn -DskipTests install -P OWASP_CHECK

-    - run: |
+    - env:
+        NVD_API_KEY:
+          ${{ secrets.NVD_API_KEY }}
+      run: |
        mvn -DskipTests dependency-check:aggregate -P OWASP_CHECK

    - name: Upload SARIF file
--- a/pom.xml
+++ b/pom.xml
@ -384,8 +384,9 @@
                <plugin>
                    <groupId>org.owasp</groupId>
                    <artifactId>dependency-check-maven</artifactId>
-                    <version>8.2.1</version>
+                    <version>11.1.1</version>
                    <configuration>
+                        <nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
                        <suppressionFiles>
                            <suppressionFile>cve-suppression.xml</suppressionFile>
                        </suppressionFiles>