PDavid commented on PR #6822: URL: https://github.com/apache/hbase/pull/6822#issuecomment-2739671876
In my former job we used to run the OWASP dependency check in GitHub: Actions weekly. One can set the NVD API key as a secret in GitHub and then it can be used in the GH: Actions build. But yeah you need access to GH repo settings for this. We had several issues from time to time where the download of the NIST vulnerability DB was timed out - even sometimes with using API key. So we made sure that we use the cache GH: Action to cache the [database](https://jeremylong.github.io/DependencyCheck/data/cacheh2.html) and restore that cache before the dependency check runs. This way the updating time was minimized and we had more stable builds -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
