From 2e03c4bb2da1441f14f98c00c0fda1b1716629b8 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 8 Oct 2025 15:14:53 +0200 Subject: [PATCH 1/2] Dependency-check: Set default shell to bash for workflow steps --- .github/workflows/run-dependency-check.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/run-dependency-check.yml b/.github/workflows/run-dependency-check.yml index 127a5cf..082c1c5 100644 --- a/.github/workflows/run-dependency-check.yml +++ b/.github/workflows/run-dependency-check.yml @@ -41,6 +41,9 @@ on: description: 'The Slack webhook used for publishing the results.' required: true +defaults: + run: + shell: bash jobs: check-dependencies: From 1074588008ae3326a2221ea451783280518f0366 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 8 Oct 2025 15:37:30 +0200 Subject: [PATCH 2/2] ignore if the default suppression file does not exist --- .github/workflows/run-dependency-check.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-dependency-check.yml b/.github/workflows/run-dependency-check.yml index 082c1c5..83f3897 100644 --- a/.github/workflows/run-dependency-check.yml +++ b/.github/workflows/run-dependency-check.yml @@ -91,6 +91,17 @@ jobs: EOF + - name: Check if default suppression file exists + id: config-suppression + run: | + SUPPRESS_OPTION="" + # check existence of default suppression file + if [[ "${SUPPRESSION_FILE}" == "suppression.xml" && -f "${SUPPRESSION_FILE}" ]]; then + SUPPRESS_OPTION="-DsuppressionFile=${SUPPRESSION_FILE}" + fi + echo "cli-parameter=${SUPPRESS_OPTION}" >> $GITHUB_OUTPUT + env: + SUPPRESSION_FILE: ${{ inputs.suppression-path }} - name: Run org.owasp:dependency-check plugin id: dependency-check continue-on-error: true 
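Review bot: The new `defaults.run.shell: bash` block in patch 1/2 has no comment saying why it is needed, and it changes how every `run` step in this workflow fails, not only the step added later in the series. With an explicit `shell: bash`, GitHub Actions starts bash with `-eo pipefail`, so a failing command on the left side of a pipe now fails the step where it could previously pass. I would add a comment above the block such as `# explicit bash: enables pipefail and makes [[ ]] available in all run steps`, and re-check piped commands in the steps outside this hunk.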
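Review bot: The condition in the new `config-suppression` step (patch 2/2, first hunk) drops every non-default suppression path. `SUPPRESS_OPTION` is filled only when `SUPPRESSION_FILE` equals `suppression.xml` and that file exists, so a caller passing its own `suppression-path` gets no `-DsuppressionFile` and its suppressions are silently ignored. The commit title says only a missing default file should be skipped, so the test should read `if [[ "${SUPPRESSION_FILE}" != "suppression.xml" || -f "${SUPPRESSION_FILE}" ]]; then`, which passes a custom path through and lets a missing custom file fail loudly. This assumes `suppression.xml` is the input's declared default, which lies outside the hunk. `$GITHUB_OUTPUT` on the `echo` line should also be quoted.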
@@ -100,13 +111,13 @@ jobs: --file ${POM_FILE} -DnvdValidForHours=24 -DfailBuildOnCVSS=0 - -DsuppressionFile=${SUPPRESSION_FILE} -DnvdApiKeyEnvironmentVariable=NVD_API_KEY -DossIndexServerId=oss-index + ${SUPPRESSION_OPTION} env: POM_FILE: ${{ inputs.pom-path }} - SUPPRESSION_FILE: ${{ inputs.suppression-path }} NVD_API_KEY: ${{ secrets.nvd-api-key }} + SUPPRESSION_OPTION: ${{ steps.config-suppression.outputs.cli-parameter }} OSSINDEX_USERNAME: ${{ secrets.ossindex-username }} OSSINDEX_PASSWORD: ${{ secrets.ossindex-token }} - name: Upload report on failure
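Review bot: `${SUPPRESSION_OPTION}` is expanded unquoted in the Maven command so that an empty value disappears, but this also word-splits and glob-expands a caller-supplied `suppression-path`. A path containing spaces or wildcards would reach Maven as several arguments instead of one `-DsuppressionFile=...`. Writing `${SUPPRESSION_OPTION:+"${SUPPRESSION_OPTION}"}` keeps the vanish-when-empty behaviour and passes a non-empty value as a single argument. The start of the `run` command is outside the hunk, so I am assuming it is one folded command line.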