From 18287e61ab32dbb5243169d99924d53ade1fdb72 Mon Sep 17 00:00:00 2001
From: dotasek <dotasek.dev@gmail.com>
Date: Tue, 10 Dec 2024 17:23:46 -0500
Subject: [PATCH] Update OWASP Plugin to 11.1.1 (#1005)

* Use new OWASP plugin version
* Use NVD_API_KEY
---
 .github/workflows/owasp.yml | 10 ++++++++--
 pom.xml                     |  3 ++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index 238b77a4..8625e316 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -17,10 +17,16 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v4
 
-    - run: |
+    - env:
+        NVD_API_KEY:
+          ${{ secrets.NVD_API_KEY }}
+      run: |
         mvn -DskipTests install -P OWASP_CHECK
 
-    - run: |
+    - env:
+        NVD_API_KEY:
+          ${{ secrets.NVD_API_KEY }}
+      run: |
         mvn -DskipTests dependency-check:aggregate -P OWASP_CHECK
 
     - name: Upload SARIF file
diff --git a/pom.xml b/pom.xml
index 1e959ba8..117ed003 100644
--- a/pom.xml
+++ b/pom.xml
@@ -312,8 +312,9 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>8.2.1</version>
+                    <version>11.1.1</version>
                     <configuration>
+                        <nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
                         <suppressionFiles>
                             <suppressionFile>cve-suppression.xml</suppressionFile>
                         </suppressionFiles>