This is an automated email from the ASF dual-hosted git repository.
benjobs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git
The following commit(s) were added to refs/heads/dev by this push:
new fc856b0d6 improve owasp dependency check (#3859)
fc856b0d6 is described below
commit fc856b0d67af3f74a3f84b2264f7c197d3850364
Author: xiangzihao <[email protected]>
AuthorDate: Fri Jul 12 18:27:16 2024 +0800
improve owasp dependency check (#3859)
---
.github/workflows/owasp-dependency-check.yaml | 13 +++++++++++--
pom.xml | 3 ++-
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/owasp-dependency-check.yaml
b/.github/workflows/owasp-dependency-check.yaml
index 499f494b1..b24ce19c9 100644
--- a/.github/workflows/owasp-dependency-check.yaml
+++ b/.github/workflows/owasp-dependency-check.yaml
@@ -21,7 +21,7 @@ on:
push:
branches:
- dev
- pull_request:
+ pull_request_target:
paths:
- '**/pom.xml'
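Review bot: Switching the trigger to `pull_request_target` in this hunk makes the job run in the base repository's context with access to secrets, and the third workflow hunk then hands `secrets.NIST_NVD_API_KEY` to a full `./mvnw -B clean install`. The checkout step lies outside the visible hunks, so the revision being built cannot be confirmed from here. If it checks out the pull request head, contributor-controlled `mvnw` and `pom.xml` content runs with that secret and the job token. If it keeps the default ref, the scan runs on the base branch and never evaluates the `pom.xml` changes that the `paths:` filter is meant to catch. A comment above the trigger should state which ref is scanned, for example `# pull_request_target: only base-branch code is built here; the PR head is never checked out`, and the checkout step should be reviewed against that statement.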
@@ -30,6 +30,9 @@ env:
jobs:
build:
+ permissions:
+ contents: read
+ pull-requests: write
runs-on: ubuntu-latest
timeout-minutes: 120
steps:
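Review bot: `pull-requests: write` in the new job-level `permissions:` block has no visible consumer, since the steps shown in this diff only build, run the dependency check and upload an artifact. Because the job now runs on `pull_request_target`, the token should carry only what the steps need. Unless a step outside these hunks comments on or labels the pull request, the block can be reduced to `contents: read`. If the write scope is required, a one-line comment naming the step that uses it would make the grant reviewable. The `steps:` list continues outside the hunk.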
@@ -42,7 +45,13 @@ jobs:
java-version: 8
distribution: 'adopt'
- name: Run OWASP Dependency Check
- run: ./mvnw -B clean install dependency-check:check -Dowasp.skip=false
-Dspotless.skip=true -Drat.skip=true
+ run: |
+ ./mvnw -B clean install dependency-check:check \
+ -Dowasp.skip=false \
+ -Dspotless.skip=true \
+ -Drat.skip=true
+ env:
+ NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
- name: Upload report
uses: actions/upload-artifact@v4
if: ${{ cancelled() || failure() }}
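Review bot: `NIST_NVD_API_KEY` is exported to the whole `./mvnw -B clean install dependency-check:check` invocation, so every plugin and test executed during `clean install` can read it although only the dependency-check goal consumes it. Splitting the step so the build runs without the `env:` block and a second invocation runs only `dependency-check:check` with the key narrows that exposure. This assumes the goal can resolve the reactor modules from the local repository after `install`, which should be verified before adopting it. A short comment on the `env:` entry noting that the plugin reads the key through `nvdApiKeyEnvironmentVariable` in `pom.xml` would also help the next maintainer.

```yaml
      - name: Build
        run: |
          ./mvnw -B clean install \
            -Dspotless.skip=true \
            -Drat.skip=true
      - name: Run OWASP Dependency Check
        run: ./mvnw -B dependency-check:check -Dowasp.skip=false
        env:
          # Read by the plugin via nvdApiKeyEnvironmentVariable in pom.xml
          NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
      # … unchanged: Upload report step …
```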
diff --git a/pom.xml b/pom.xml
index a6abe4951..f8602be1e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,7 +136,7 @@
<spotless.scalafmt.version>3.7.5</spotless.scalafmt.version>
<maven-checkstyle-plugin.version>3.2.0</maven-checkstyle-plugin.version>
<maven-scalastyle-plugin.version>1.0.0</maven-scalastyle-plugin.version>
-
<owasp-dependency-check-maven.version>9.2.0</owasp-dependency-check-maven.version>
+
<owasp-dependency-check-maven.version>10.0.2</owasp-dependency-check-maven.version>
<build-helper-maven-plugin.version>3.3.0</build-helper-maven-plugin.version>
<streampark.shaded.package>org.apache.streampark.shaded</streampark.shaded.package>
<flink.table.uber.artifact.id>flink-table-uber_${scala.binary.version}</flink.table.uber.artifact.id>
@@ -831,6 +831,7 @@
<skipRuntimeScope>true</skipRuntimeScope>
<skipSystemScope>true</skipSystemScope>
<failBuildOnCVSS>7</failBuildOnCVSS>
+
<nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable>
</configuration>
<executions>
<execution>