diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index bcb81927..5d8bb0b4 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -17,7 +17,10 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
- - run: |
+ - env:
+ NVD_API_KEY:
+ ${{ secrets.NVD_API_KEY }}
+ run: |
 ./gradlew dependencyCheckAnalyze
 - name: Upload SARIF file
diff --git a/build.gradle.kts b/build.gradle.kts
index 3125cb6e..a6b46f14 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 `maven-publish`
 signing
 id("com.github.johnrengelman.shadow") version "7.0.0"
- id("org.owasp.dependencycheck") version "8.4.0"
+ id("org.owasp.dependencycheck") version "11.1.1"
 }
 group = "org.hl7.fhir"
@@ -313,4 +313,7 @@ tasks.javadoc {
 dependencyCheck {
 formats = arrayListOf("SARIF", "HTML")
+ nvd {
+ apiKey=System.getenv("NVD_API_KEY")
+ }
 }
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 070cb702..3994438e 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
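Review bot: The new `env:` entry depends on `secrets.NVD_API_KEY`, and GitHub does not expose repository secrets to runs triggered by pull requests from forks, so on those runs the variable is an empty string. The workflow's `on:` triggers are outside this hunk, so check whether that case applies here. Scoping the secret to this single step rather than the whole job is the right choice and should stay. The value is easier to read on one line, `NVD_API_KEY: ${{ secrets.NVD_API_KEY }}`, with a comment above it such as `# empty on fork PRs, where repository secrets are not exposed`.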
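Review bot: In the `nvd { }` block, `apiKey=System.getenv("NVD_API_KEY")` passes the environment value through unchecked, so it is an empty string when the CI secret is absent and null on a developer machine without the variable. How the plugin treats an empty key is not visible here; it may send it as a credential rather than fall back to anonymous NVD access. Normalising the value puts both cases on the same path: `apiKey = System.getenv("NVD_API_KEY")?.takeIf { it.isNotBlank() }`. A one-line comment saying the key is read from the environment so that it never appears in the build script would help the next maintainer. The hunk also shows the file still ends without a trailing newline.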