Bump to dependency-check 9.0.6

Jurrie · Dec 18, 2023 · 89b41ae · 89b41ae
1 parent ef7fa7c
commit 89b41ae
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -20,6 +20,12 @@ In order to start the Database Server simply run
 docker run -p 3306:3306 stefanneuhaus/dependencycheck-central-mysql
 ```
 
+#### NVD API key
+
+To have a faster synchronization proces, you should apply for an NVD API key.
+Get one [at the NVD website](https://nvd.nist.gov/developers/request-an-api-key).
+If you have one, start your Docker container with `-e NVD_API_KEY=<Your API key here>`.
+
 ### Analysis clients
 
 All kinds of analysis clients are supported: Gradle, Maven, Ant, Jenkins, CLI. Apply the following changes to your build file:
@@ -34,7 +40,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'org.owasp:dependency-check-gradle:8.0.0'
+        classpath 'org.owasp:dependency-check-gradle:9.0.6'
         classpath 'com.mysql:mysql-connector-j:8.2.0'
     }
 }

diff --git a/overlays/dependencycheck/build.gradle b/overlays/dependencycheck/build.gradle
@@ -18,21 +18,24 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'org.owasp:dependency-check-gradle:8.0.0'
+        classpath 'org.owasp:dependency-check-gradle:9.0.6'
         classpath 'com.mysql:mysql-connector-j:8.2.0'
     }
 }
 
 apply plugin: 'org.owasp.dependencycheck'
 
 dependencyCheck {
-    cveValidForHours = 0
     data {
         connectionString = "jdbc:mysql://localhost:3306/dependencycheck?useSSL=false&allowPublicKeyRetrieval=true"
         driver = "com.mysql.cj.jdbc.Driver"
         username = "dc-update"
         password = "<DC_UPDATE_PASSWORD>"
     }
+    nvd {
+        validForHours = 0
+        apiKey = System.getenv("NVD_API_KEY") ?: ""
+    }
 }
 
 

diff --git a/overlays/wrapper.sh b/overlays/wrapper.sh
@@ -1,4 +1,12 @@
 #!/bin/sh
 
+if [ -z "${NVD_API_KEY}" ]; then
+  echo "--------------------------------------------------------------------------------"
+  echo "  Detected that environment variable NVD_API_KEY was not set."
+  echo "  Please provide an NVD API key! Updates will be very slow without it."
+  echo "  Visit https://nvd.nist.gov/developers/request-an-api-key to get one."
+  echo "--------------------------------------------------------------------------------"
+fi
+
 supercronic /dependencycheck/database-update-schedule &
 /usr/local/bin/docker-entrypoint.sh --user=root
diff --git a/test/project_uptodate/build.gradle b/test/project_uptodate/build.gradle
@@ -3,7 +3,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'org.owasp:dependency-check-gradle:8.0.0'
+        classpath 'org.owasp:dependency-check-gradle:9.0.6'
         classpath 'com.mysql:mysql-connector-j:8.2.0'
     }
 }