Merge pull request #86 from maddie480/dependabot/maven/org.owasp-depe…

…ndency-check-maven-9.0.0 Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.0
maddie480 · Nov 22, 2023 · 0c6850e · 0c6850e
2 parents 226a0a3 + f278f8f
commit 0c6850e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 8 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -17,13 +17,6 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - name: Set up JDK 21
-      uses: actions/setup-java@v3
-      with:
-        java-version: '21'
-        distribution: 'temurin'
-        cache: maven
-
     - name: Check for tabs
       run: |
         find "(" -name "*.java" -or -name "*.xml" -or -name "*.yaml" -or -name "*.yml" -or -name "*.txt" -or -name "*.md" ")" -exec grep -Pl "\t" {} \; > matches.txt
@@ -39,7 +32,31 @@ jobs:
         find "(" -name "*.java" -or -name "*.xml" -or -name "*.yaml" -or -name "*.yml" -or -name "*.txt" -or -name "*.md" ")" -exec grep -Pl " $" {} \; > matches.txt
         grep "" matches.txt && exit 1 || echo "No trailing space found!"
 
+    - name: Clone open-vulnerability-clients fork
+      run: git clone https://github.com/maddie480/Open-Vulnerability-Project.git
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: gradle
+
+    - name: Build open-vulnerability-clients fork
+      run: |
+        cd Open-Vulnerability-Project/open-vulnerability-clients
+        ../gradlew publishToMavenLocal --info
+
+    - name: Set up JDK 21
+      uses: actions/setup-java@v3
+      with:
+        java-version: '21'
+        distribution: 'temurin'
+        cache: maven
+
     - name: Build with Maven
+      env:
+        NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
       run: mvn -B verify -Prelease --file pom.xml
 
     - name: Upload target folder as artifact

diff --git a/pom.xml b/pom.xml
@@ -40,8 +40,9 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>8.4.3</version>
+                <version>9.0.0</version>
                 <configuration>
+                    <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                     <failBuildOnCVSS>0</failBuildOnCVSS>
                     <suppressionFile>.github/owasp-suppressions.xml</suppressionFile>
                 </configuration>