Add NVD api key to speed up owasp dependency check (#10003)

Co-authored-by: Lauri Tulmin <ltulmin@splunk.com>
Trask Stalnaker 2023-12-21 03:49:04 -08:00 committed by GitHub
parent f67f1c3127
commit 42de8966b7
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 0 deletions


@ -69,6 +69,7 @@ for [`dependabot/**/**`](https://github.com/open-telemetry/community/blob/main/d
see [docs](https://docs.gradle.com/enterprise/gradle-plugin/#via_environment_variable)
- `GRADLE_PUBLISH_KEY`
- `GRADLE_PUBLISH_SECRET`
- `NVD_API_KEY` - stored in OpenTelemetry-Java 1Password
- `OPENTELEMETRYBOT_GITHUB_TOKEN` - owned by [@trask](https://github.com/trask)
- `SONATYPE_KEY` - owned by [@trask](https://github.com/trask)
- `SONATYPE_USER` - owned by [@trask](https://github.com/trask)


@ -27,6 +27,8 @@ jobs:
- uses: gradle/gradle-build-action@v2
with:
arguments: ":javaagent:dependencyCheckAnalyze"
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- name: Upload report
if: always()
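Review bot: Scoping the key to the single `dependencyCheckAnalyze` step via the new `env:` block is the right exposure, but `${{ secrets.NVD_API_KEY }}` expands to an empty string whenever the secret is unavailable to the run (pull requests from forks, if this workflow is triggered by them; the `on:` block is outside the hunk), so the scan then runs against the NVD API either unauthenticated and slow, or with a blank key if the plugin forwards it as-is. It is worth confirming which of the two happens and stating the expectation next to the step, e.g. a comment above `env:`: `# optional: raises the NVD rate limit; empty on runs without repo secrets (fork PRs)`. The enclosing job starts before the hunk.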


@ -415,6 +415,7 @@ dependencyCheck {
skipConfigurations = listOf("errorprone", "checkstyle", "annotationProcessor")
suppressionFile = "buildscripts/dependency-check-suppressions.xml"
failBuildOnCVSS = 7.0f // fail on high or critical CVE
nvd.apiKey = System.getenv("NVD_API_KEY")
}
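Review bot: `System.getenv("NVD_API_KEY")` returns null locally and an empty string under CI when the secret is not defined, and the new line gives no hint that both are expected; the neighbouring `failBuildOnCVSS` line carries a why-comment, so matching it with `nvd.apiKey = System.getenv("NVD_API_KEY") // optional: raises the NVD rate limit; null/empty when unset` would keep the block consistent. If the plugin does not treat a blank string as "no key", guarding with `System.getenv("NVD_API_KEY")?.takeIf { it.isNotBlank() }` avoids sending an empty credential; confirm against the plugin version in use. The `dependencyCheck {}` block starts outside the hunk.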
idea {