Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #22999

Merged
merged 12 commits into from
Jul 4, 2024
Merged

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #22999

merged 12 commits into from
Jul 4, 2024

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Jul 3, 2024

Motivation

OWASP Dependency Check download times out. See https://lists.apache.org/thread/hmlz12lxrntlylfo2424pcw0ktrkvqbq for more details.

Modifications

  • Upgrade plugin version to 10.0.1
  • Specify NVD API key using NIST_NVD_API_KEY secret which is mapped to NIST_NVD_API_KEY environment variable.
  • Use pluginManagement to configure plugin version
  • Run schedule dependency check for branch-3.3, branch-3.2, branch-3.0 and master branches

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 3.4.0 milestone Jul 3, 2024
@lhotari lhotari self-assigned this Jul 3, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jul 3, 2024
@lhotari lhotari changed the title [fix][CI] Fix OWASP Dependency Check download by using NVD API key [fix][ci] Fix OWASP Dependency Check download by using NVD API key Jul 3, 2024
dave2wave
dave2wave requested changes Jul 3, 2024
View reviewed changes
dave2wave
dave2wave approved these changes Jul 3, 2024
View reviewed changes
Copy link
Member

@dave2wave dave2wave left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lhotari lhotari merged commit 8b7754f into apache:master Jul 4, 2024
50 of 52 checks passed
lhotari added a commit that referenced this pull request Jul 4, 2024
@lhotari
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#…
589f283 
…22999)

(cherry picked from commit 8b7754f)

# Conflicts:
#	pom.xml
lhotari added a commit that referenced this pull request Jul 4, 2024
@lhotari
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#…
3a125c4 
…22999)

(cherry picked from commit 8b7754f)

# Conflicts:
#	.github/workflows/ci-owasp-dependency-check.yaml
#	pom.xml
lhotari added a commit that referenced this pull request Jul 5, 2024
@lhotari
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#…
29d7150 
…22999)

(cherry picked from commit 8b7754f)
lhotari added a commit that referenced this pull request Jul 5, 2024
@lhotari
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (#…
1b4b920 
…22999)

(cherry picked from commit 8b7754f)
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Jul 10, 2024
@lhotari @nikhil-ctds
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (a…
304fc80 
…pache#22999)

(cherry picked from commit 8b7754f)
(cherry picked from commit 1b4b920)
srinath-ctds pushed a commit to datastax/pulsar that referenced this pull request Jul 15, 2024
@lhotari @srinath-ctds
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (a…
8708d5f 
…pache#22999)

(cherry picked from commit 8b7754f)
(cherry picked from commit 1b4b920)
@hezhangjian hezhangjian mentioned this pull request Jul 27, 2024
Merged
hanmz pushed a commit to hanmz/pulsar that referenced this pull request Feb 12, 2025
@lhotari @hanmz
[fix][ci] Fix OWASP Dependency Check download by using NVD API key (a…
036fba8 
…pache#22999)
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@nodece nodece nodece approved these changes

@dave2wave dave2wave dave2wave approved these changes

@Technoboy- Technoboy- Awaiting requested review from Technoboy-

Assignees

@lhotari lhotari

Labels
area/ci cherry-picked/branch-3.0 cherry-picked/branch-3.1 cherry-picked/branch-3.2 cherry-picked/branch-3.3 doc-not-needed Your PR changes do not impact docs ready-to-test release/3.0.6 release/3.1.4 release/3.2.4 release/3.3.1
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@lhotari @nodece @dave2wave