From fe519427457dfdf23c3859b66be0fb9a356f697d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 9 Dec 2023 16:29:36 +0100
Subject: [PATCH] chore(deps): Bump org.owasp.dependencycheck from 8.4.3 to 9.0.2 (#492)
* chore(deps): Bump org.owasp.dependencycheck from 8.4.3 to 9.0.2
Bumps org.owasp.dependencycheck from 8.4.3 to 9.0.2.
---
updated-dependencies:
- dependency-name: org.owasp.dependencycheck
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
* chore: add owasp nvd api key (in gh secrets)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Timon Back
---
 .github/workflows/owasp.yml | 3 ++-
 build.gradle | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index 450ac3ce9..ef866e57b 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -33,8 +33,9 @@ jobs:
 - name: Generate DependencyCheck report
 run: ./gradlew dependencyCheckAggregate
+ env:
+ ORG_GRADLE_PROJECT_OWASP_API_KEY: ${{ secrets.ORG_GRADLE_PROJECT_OWASP_API_KEY }}
 - name: upload-sarif-4
 uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ./build/reports/owasp-dependency-check/dependency-check-report.sarif
-
diff --git a/build.gradle b/build.gradle
index 46a55d4b6..5557d7f7e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -9,7 +9,7 @@ plugins {
 id 'ca.cutterslade.analyze' version '1.9.1'
 id 'io.spring.dependency-management' version '1.1.4' apply false
 id 'org.springframework.boot' version '3.2.0' apply false
- id 'org.owasp.dependencycheck' version '8.4.3'
+ id 'org.owasp.dependencycheck' version '9.0.2'
 id 'com.diffplug.spotless' version '6.23.3'
 id 'com.bmuschko.docker-spring-boot-application' version '9.4.0' apply false
 }
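Review bot: The `env:` entry added to the "Generate DependencyCheck report" step reads `secrets.ORG_GRADLE_PROJECT_OWASP_API_KEY`, which GitHub resolves to an empty string when the run has no access to repository secrets, as on pull requests from forks and on Dependabot-triggered runs unless a Dependabot secret of the same name exists. The workflow's triggers are outside this hunk, so whether that case occurs here is not visible; if it does, the scan presumably runs without an NVD key and may be slow or rate-limited. Keeping the secret scoped to this one step rather than the whole job is the right choice. I would document the behaviour above the step's `env:` with `# NVD API key; empty on fork and Dependabot PRs, where the scan runs unauthenticated`.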
@@ -201,6 +201,7 @@ allprojects {
 dependencyCheck {
 outputDirectory = "$buildDir/reports/owasp-dependency-check"
 formats = [ReportGenerator.Format.SARIF.toString()]
+ nvd.apiKey = project.findProperty("OWASP_API_KEY")
 }
 def static readEnvFile(path = ".env") {
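Review bot: `project.findProperty("OWASP_API_KEY")` on the added `nvd.apiKey` line returns null when the property is unset and, presumably, an empty string when CI passes an empty `ORG_GRADLE_PROJECT_OWASP_API_KEY`, and neither case is handled or explained. Normalising both to "no key" keeps the behaviour predictable: `nvd.apiKey = project.findProperty("OWASP_API_KEY") ?: null`. A comment above it should say where the value comes from and that it must not be committed, e.g. `// NVD API key: set via ORG_GRADLE_PROJECT_OWASP_API_KEY or ~/.gradle/gradle.properties, never in the repository`. The enclosing `allprojects {` block begins outside the hunk.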