This is an automated email from the ASF dual-hosted git repository.
shoothzj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 7ab29e6a7a [fix][ci] Fix OWASP Dependency Check download by using NVD
API key (#4473)
7ab29e6a7a is described below
commit 7ab29e6a7a12921d87604744bc26ae85c8fde351
Author: ZhangJian He <[email protected]>
AuthorDate: Mon Jul 29 17:10:19 2024 +0800
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#4473)
Signed-off-by: ZhangJian He <[email protected]>
---
.github/workflows/bk-ci.yml | 1 +
.github/workflows/owasp-daily-build.yml | 3 +++
pom.xml | 6 +++++-
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
index df2a22d6f9..0106da05b3 100644
--- a/.github/workflows/bk-ci.yml
+++ b/.github/workflows/bk-ci.yml
@@ -32,6 +32,7 @@ on:
env:
MAVEN_OPTS: -Xss1500k -Xmx1500m
-Daether.connector.http.reuseConnections=false
-Daether.connector.requestTimeout=60000 -Dhttp.keepAlive=false
-Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard
-Dmaven.wagon.http.retryHandler.count=3
-Dmaven.wagon.http.retryHandler.requestSentEnabled=true
-Dmaven.wagon.http.serviceUnavailableRetryStrategy.class=standard
-Dmaven.wagon.rto=60000
+ NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
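Review bot: The added `NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}` sits in the workflow-level `env:` block, so the secret is exported to every job and step in bk-ci.yml, including third-party actions and test processes that never run the dependency check. Moving it to an `env:` entry on the one step that invokes dependency-check would keep the key out of unrelated processes; the same applies to the top-level `env:` added in owasp-daily-build.yml. The steps are outside this hunk, so which step needs the key has to be confirmed in the full file. On pull requests from forks the secret presumably resolves to an empty string, so it is worth verifying that the check behaves acceptably without a key.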
diff --git a/.github/workflows/owasp-daily-build.yml
b/.github/workflows/owasp-daily-build.yml
index 2da08c4c94..5dc9eaf3b5 100644
--- a/.github/workflows/owasp-daily-build.yml
+++ b/.github/workflows/owasp-daily-build.yml
@@ -21,6 +21,9 @@ on:
- cron: '0 0 * * *' # Runs at 00:00 UTC every day
workflow_dispatch:
+env:
+ NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
+
jobs:
owasp-daily-build:
name: OWASP Dependency Check
diff --git a/pom.xml b/pom.xml
index 4dadfc3ad0..19bfcacf8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -192,7 +192,7 @@
<maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version>
<maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
<maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
- <dependency-check-maven.version>9.2.0</dependency-check-maven.version>
+ <dependency-check-maven.version>10.0.2</dependency-check-maven.version>
<nar-maven-plugin.version>3.10.1</nar-maven-plugin.version>
<os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
@@ -1169,6 +1169,10 @@
<version>${dependency-check-maven.version}</version>
<inherited>false</inherited>
<configuration>
+ <!--
https://issues.apache.org/jira/projects/INFRA/issues/INFRA-26000 -->
+
<nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
+ <!-- Uncomment the following to use the NVD data feed provided
by the Dependency-Check project -->
+ <!--
<nvdDatafeedUrl>https://jeremylong.github.io/DependencyCheck/hb_nvd/</nvdDatafeedUrl>
-->
<suppressionFiles>
<suppressionFile>src/owasp-dependency-check-suppressions.xml</suppressionFile>
</suppressionFiles>
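Review bot: The comment above `nvdApiKeyEnvironmentVariable` is only a bare link to INFRA-26000 and does not say what the setting expects. A comment such as `<!-- NVD API key is read from the NIST_NVD_API_KEY environment variable (CI secret, see INFRA-26000); never put the key value in this file -->` would tell maintainers where the key comes from and how local runs differ from CI. The commented-out `nvdDatafeedUrl` would, if enabled, make the scan take its vulnerability data from a mirror hosted at jeremylong.github.io instead of from NVD directly, and its comment should say that enabling it is a trust decision, not only a convenience. The plugin's `<configuration>` element continues past the end of this hunk.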