From ac3adb745d4009843d1d2c15b918a1d66961999c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Nov 2023 13:51:06 +0000 Subject: [PATCH 1/3] Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.0 Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 8.4.3 to 9.0.0. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v8.4.3...v9.0.0) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 05124a7..de0dfbd 100644 --- a/pom.xml +++ b/pom.xml @@ -40,7 +40,7 @@ org.owasp dependency-check-maven - 8.4.3 + 9.0.0 0 .github/owasp-suppressions.xml From 7bfd651098b3f2244e4b5dc1aeb3447156b00612 Mon Sep 17 00:00:00 2001 From: maddie480 <52103563+maddie480@users.noreply.github.com> Date: Wed, 22 Nov 2023 18:20:13 +0100 Subject: [PATCH 2/3] Add NVD API key --- .github/workflows/maven.yml | 2 ++ pom.xml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 3254e12..bbc9345 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -40,6 +40,8 @@ jobs: grep "" matches.txt && exit 1 || echo "No trailing space found!" - name: Build with Maven + env: + NVD_API_KEY: ${{ secrets.NVD_API_KEY }} run: mvn -B verify -Prelease --file pom.xml - name: Upload target folder as artifact diff --git a/pom.xml b/pom.xml index de0dfbd..611ebb9 100644 --- a/pom.xml +++ b/pom.xml @@ -42,6 +42,7 @@ dependency-check-maven 9.0.0 + ${env.NVD_API_KEY} 0 .github/owasp-suppressions.xml 
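Review bot: In the `Build with Maven` step of `.github/workflows/maven.yml`, `${{ secrets.NVD_API_KEY }}` expands to an empty string on runs that do not receive repository secrets, which covers pull requests from forks and, by default, Dependabot pull requests like the first patch in this series. The workflow's `on:` triggers are outside the hunk, so whether such runs reach this step needs confirming. If they do, the `${env.NVD_API_KEY}` value added in the `pom.xml` hunk arrives empty, and the dependency-check scan will presumably either fail or fall back to unauthenticated, rate-limited NVD access. Scoping the secret to this one step rather than the whole job is the right choice. I would add a comment above `env:` such as `# empty on fork and Dependabot PRs, which do not receive repository secrets`, and consider also registering the key as a Dependabot secret.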
From f278f8fc6238ef66f67411dc4af0ff5ad7fd88ba Mon Sep 17 00:00:00 2001 From: maddie480 <52103563+maddie480@users.noreply.github.com> Date: Wed, 22 Nov 2023 21:26:46 +0100 Subject: [PATCH 3/3] Attempt at making more retries for NVD CVE --- .github/workflows/maven.yml | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index bbc9345..2965de9 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -17,13 +17,6 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Set up JDK 21 - uses: actions/setup-java@v3 - with: - java-version: '21' - distribution: 'temurin' - cache: maven - - name: Check for tabs run: | find "(" -name "*.java" -or -name "*.xml" -or -name "*.yaml" -or -name "*.yml" -or -name "*.txt" -or -name "*.md" ")" -exec grep -Pl "\t" {} \; > matches.txt @@ -39,6 +32,28 @@ jobs: find "(" -name "*.java" -or -name "*.xml" -or -name "*.yaml" -or -name "*.yml" -or -name "*.txt" -or -name "*.md" ")" -exec grep -Pl " $" {} \; > matches.txt grep "" matches.txt && exit 1 || echo "No trailing space found!" + - name: Clone open-vulnerability-clients fork + run: git clone https://github.com/maddie480/Open-Vulnerability-Project.git + + - name: Set up JDK 11 + uses: actions/setup-java@v3 + with: + java-version: '11' + distribution: 'temurin' + cache: gradle + + - name: Build open-vulnerability-clients fork + run: | + cd Open-Vulnerability-Project/open-vulnerability-clients + ../gradlew publishToMavenLocal --info + + - name: Set up JDK 21 + uses: actions/setup-java@v3 + with: + java-version: '21' + distribution: 'temurin' + cache: maven + - name: Build with Maven env: NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
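Review bot: The `Clone open-vulnerability-clients fork` step clones whatever the default branch of `maddie480/Open-Vulnerability-Project` is at run time, with no commit pinned. `../gradlew publishToMavenLocal` then runs that repository's build on the runner and installs its artifacts into the local Maven repository. The later `Build with Maven` step, which carries `NVD_API_KEY`, presumably resolves those artifacts, so any later push to the fork changes code that runs alongside the secret without any change in this repository. Pin the checkout to a reviewed commit by adding `git -C Open-Vulnerability-Project checkout <REVIEWED_COMMIT_SHA>` after the clone, and add a comment saying why the fork is needed and when it can be dropped. The job header and the workflow triggers are outside the hunk.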