From 4fa087b11aa21afcfa0eaa5b4010cc25a9d5757b Mon Sep 17 00:00:00 2001
From: Kiron Mirdha
Date: Fri, 22 Dec 2023 17:07:11 +0100
Subject: [PATCH] Update maven dependency-check plugin to 9.0.4 and reconfigure GitHub Actions

* Use NVD_API_KEY
* Revert CmpRaComponent version to latest release on Maven Central v.4.0.0

---
 .github/workflows/code-quality.yml | 12 ++++++++++--
 pom.xml | 8 ++++----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index 13edec9..c3840fe 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -42,7 +42,7 @@ jobs:
 # note that we deliberately turn off the OWASP dependency checker here, it will run in a separate job,
 # such that its results can be viewed independently of what Sonar has to say
 run: |
- mvn -B verify sonar:sonar -Dsonar.projectKey=kiron-mx_LightweightCmpRa -Ddependency-check.skip=true
+ mvn -B verify sonar:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
 
 analyze_dependencies_owasp:
 name: Check dependencies with OWASP
@@ -56,6 +56,14 @@ jobs:
 with:
 java-version: 11
 distribution: 'temurin'
+ - name: Cache Maven packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
 - name: Analyze dependencies
+ env:
+ NVD_API_KEY: ${{ secrets.NVD_TOKEN }}
 # this will run the OWASP dependency checker only
- run: mvn -B verify -DskipTests
\ No newline at end of file
+ run: mvn -B verify -DskipTests -Dgpg.skip
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 42c5672..f5ec57a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
 4.0.0 com.siemens.pki LightweightCmpRa
- 4.0.1
+ 4.0.0
 UTF-8 .
@@ -107,11 +107,11 @@
 org.owasp dependency-check-maven
- 8.4.3
+ 9.0.4
- check
+ aggregate
@@ -183,7 +183,7 @@
 com.siemens.pki CmpRaComponent
- 4.1.0
+ 4.0.0
 jakarta.xml.bind
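Review bot: The `NVD_API_KEY` variable added under `env:` on the "Analyze dependencies" step is only useful if something consumes it, and the new `run: mvn -B verify -DskipTests -Dgpg.skip` line does not hand it to the plugin; unless the dependency-check configuration in pom.xml (outside this patch) references `${env.NVD_API_KEY}`, version 9.x will run without the key and fall back to unauthenticated, rate-limited NVD API access. Passing it explicitly, `run: mvn -B verify -DskipTests -Dgpg.skip -DnvdApiKey=${NVD_API_KEY}`, makes the wiring visible in the workflow instead of depending on a pom convention the hunk cannot show. `secrets.NVD_TOKEN` is empty in `pull_request` runs from forks, so the step should be expected to tolerate a missing key; the `on:` block that decides this is outside the hunk. The new `actions/cache@v3` step references a mutable tag; pinning third-party actions to a full commit SHA (tag kept in a trailing comment) is the usual supply-chain hardening and would be worth applying to the other `uses:` lines in this file too. The `\ No newline at end of file` marker on the replaced `run:` line shows the file still ends without a trailing newline after this change.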
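Review bot: The goal change from `check` to `aggregate` in the dependency-check-maven execution is a behaviour change the commit message does not mention; only the 9.0.4 bump is explained. `aggregate` is meant to combine results across a multi-module reactor, so in a single-module build it should behave like `check`, but that is worth confirming and recording with a one-line comment next to the goal, e.g. `<!-- aggregate: single combined report; fails the build per failBuildOnCVSS -->` adjusted to what is actually configured. The hunk does not show whether `failBuildOnCVSS` is set for this plugin, so it is not visible here whether findings gate the build or only produce a report, which matters given the job's purpose. The enclosing plugin element starts and ends outside this hunk.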