From 7ab29e6a7a12921d87604744bc26ae85c8fde351 Mon Sep 17 00:00:00 2001
From: ZhangJian He <shoothzj@gmail.com>
Date: Mon, 29 Jul 2024 17:10:19 +0800
Subject: [PATCH] [fix][ci] Fix OWASP Dependency Check download by using NVD
 API key (#4473)

Signed-off-by: ZhangJian He <shoothzj@gmail.com>
---
 .github/workflows/bk-ci.yml             | 1 +
 .github/workflows/owasp-daily-build.yml | 3 +++
 pom.xml                                 | 6 +++++-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
index df2a22d6f90..0106da05b33 100644
--- a/.github/workflows/bk-ci.yml
+++ b/.github/workflows/bk-ci.yml
@@ -32,6 +32,7 @@ on:
 
 env:
   MAVEN_OPTS: -Xss1500k -Xmx1500m -Daether.connector.http.reuseConnections=false -Daether.connector.requestTimeout=60000 -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.serviceUnavailableRetryStrategy.class=standard -Dmaven.wagon.rto=60000
+  NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
diff --git a/.github/workflows/owasp-daily-build.yml b/.github/workflows/owasp-daily-build.yml
index 2da08c4c945..5dc9eaf3b51 100644
--- a/.github/workflows/owasp-daily-build.yml
+++ b/.github/workflows/owasp-daily-build.yml
@@ -21,6 +21,9 @@ on:
     - cron: '0 0 * * *'  # Runs at 00:00 UTC every day
   workflow_dispatch:
 
+env:
+  NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
+
 jobs:
   owasp-daily-build:
     name: OWASP Dependency Check
diff --git a/pom.xml b/pom.xml
index 4dadfc3ad0c..19bfcacf8b1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -192,7 +192,7 @@
     <maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version>
     <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
     <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
-    <dependency-check-maven.version>9.2.0</dependency-check-maven.version>
+    <dependency-check-maven.version>10.0.2</dependency-check-maven.version>
     <nar-maven-plugin.version>3.10.1</nar-maven-plugin.version>
     <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
     <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
@@ -1169,6 +1169,10 @@
             <version>${dependency-check-maven.version}</version>
             <inherited>false</inherited>
             <configuration>
+              <!-- https://issues.apache.org/jira/projects/INFRA/issues/INFRA-26000 -->
+              <nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
+              <!-- Uncomment the following to use the NVD data feed provided by the Dependency-Check project -->
+              <!-- <nvdDatafeedUrl>https://jeremylong.github.io/DependencyCheck/hb_nvd/</nvdDatafeedUrl> -->
               <suppressionFiles>
                 <suppressionFile>src/owasp-dependency-check-suppressions.xml</suppressionFile>
               </suppressionFiles>