Update owasp dependency-check

Disabled [broken] nightly cron as need to get INFRA to setup an API key, or find an alternative scanner The plugin has been updated and can be used locally by doing something like (though a bit complex...): ~/.m2/settings.xml ``` <settings> <server> <id>nist-nvdApiServer</id> <password> your-api-key </password> </server> <profiles> <profile> <id>owasp</id> <properties> <nvdApiServerId>nist-nvdApiServer</nvdApiServerId> </properties> </profile> </profiles> <activeProfiles> <activeProfile>owasp</activeProfile> </activeProfiles> </settings> ``` Fixes: #703
apache · Dec 21, 2024 · 01f64dd · 01f64dd
1 parent fadea1b
commit 01f64dd
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 35 deletions.
diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
diff --git a/pom.xml b/pom.xml
@@ -487,9 +487,9 @@
         <plugin>
           <groupId>org.owasp</groupId>
           <artifactId>dependency-check-maven</artifactId>
-          <version>8.4.3</version>
+          <version>11.1.1</version>
           <configuration>
-            <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+            <failBuildOnCVSS>0</failBuildOnCVSS>
             <suppressionFile>${session.executionRootDirectory}/src/owasp/suppression.xml</suppressionFile>
           </configuration>
         </plugin>