Update maven dependency-check plugin to 9.0.4 and reconfigure GitHub …

…Actions * Use NVD_API_KEY * Revert CmpRaComponent version to latest release on Maven Central v.4.0.0
siemens · Dec 22, 2023 · 4fa087b · 4fa087b
1 parent 153d307
commit 4fa087b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -42,7 +42,7 @@ jobs:
         # note that we deliberately turn off the OWASP dependency checker here, it will run in a separate job,
         # such that its results can be viewed independently of what Sonar has to say
         run: |
-          mvn -B verify sonar:sonar -Dsonar.projectKey=kiron-mx_LightweightCmpRa -Ddependency-check.skip=true
+          mvn -B verify sonar:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
 
   analyze_dependencies_owasp:
     name: Check dependencies with OWASP
@@ -56,6 +56,14 @@ jobs:
         with:
           java-version: 11
           distribution: 'temurin'
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
       - name: Analyze dependencies
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_TOKEN }}
         # this will run the OWASP dependency checker only
-        run: mvn -B verify -DskipTests
+        run: mvn -B verify -DskipTests -Dgpg.skip
diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.siemens.pki</groupId>
 	<artifactId>LightweightCmpRa</artifactId>
-	<version>4.0.1</version>
+	<version>4.0.0</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<parent.basedir>.</parent.basedir>
@@ -107,11 +107,11 @@
 			<plugin>
 				<groupId>org.owasp</groupId>
 				<artifactId>dependency-check-maven</artifactId>
-				<version>8.4.3</version>
+				<version>9.0.4</version>
 				<executions>
 					<execution>
 						<goals>
-							<goal>check</goal>
+							<goal>aggregate</goal>
 						</goals>
 					</execution>
 				</executions>
@@ -183,7 +183,7 @@
 		<dependency>
 			<groupId>com.siemens.pki</groupId>
 			<artifactId>CmpRaComponent</artifactId>
-			<version>4.1.0</version>
+			<version>4.0.0</version>
 		</dependency>
 		<dependency>
 			<groupId>jakarta.xml.bind</groupId>