chore(deps): Bump org.owasp.dependencycheck from 8.4.3 to 9.0.2 (spri…

…ngwolf#492)

* chore(deps): Bump org.owasp.dependencycheck from 8.4.3 to 9.0.2

Bumps org.owasp.dependencycheck from 8.4.3 to 9.0.2.

---
updated-dependencies:
- dependency-name: org.owasp.dependencycheck
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: add owasp nvd api key (in gh secrets)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Timon Back <timonback@users.noreply.github.com>

.github/workflows/owasp.yml

@@ -33,8 +33,9 @@ jobs:
 
       - name: Generate DependencyCheck report
         run: ./gradlew dependencyCheckAggregate
+        env:
+          ORG_GRADLE_PROJECT_OWASP_API_KEY: ${{ secrets.ORG_GRADLE_PROJECT_OWASP_API_KEY }}
       - name: upload-sarif-4
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ./build/reports/owasp-dependency-check/dependency-check-report.sarif
-

build.gradle

@@ -9,7 +9,7 @@ plugins {
     id 'ca.cutterslade.analyze' version '1.9.1'
     id 'io.spring.dependency-management' version '1.1.4' apply false
     id 'org.springframework.boot' version '3.2.0' apply false
-    id 'org.owasp.dependencycheck' version '8.4.3'
+    id 'org.owasp.dependencycheck' version '9.0.2'
     id 'com.diffplug.spotless' version '6.23.3'
     id 'com.bmuschko.docker-spring-boot-application' version '9.4.0' apply false
 }
@@ -201,6 +201,7 @@ allprojects {
 dependencyCheck {
     outputDirectory = "$buildDir/reports/owasp-dependency-check"
     formats = [ReportGenerator.Format.SARIF.toString()]
+    nvd.apiKey = project.findProperty("OWASP_API_KEY")
 }
 
 def static readEnvFile(path = ".env") {