Merge pull request #65 from FHIR/do-20251001-fix-owasp-workflow

grahamegrieve · web-flow · commit b8dbfb59a5c4 · 2025-10-02T05:14:46.000+10:00
Fix OWASP workflow
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
@@ -1,8 +1,8 @@
+name: "OWASP Security Scans"
+
 on:
     push:
         branches: [ "master" ]
-    pull_request:
-        branches: [ "master" ]
 
     workflow_dispatch:
 
@@ -29,8 +29,12 @@ jobs:
             - env:
                   NVD_API_KEY:
                       ${{ secrets.NVD_API_KEY }}
+                  OSSINDEX_USERNAME:
+                      ${{ secrets.OSSINDEX_USERNAME }}
+                  OSSINDEX_PASSWORD:
+                      ${{ secrets.OSSINDEX_PASSWORD }}
               run: |
-                  mvn -DskipTests install -P OWASP_CHECK
+                  mvn -DskipTests install -P OWASP_CHECK  -DossIndexUsername=${{ env.OSSINDEX_USERNAME }} -DossIndexPassword=${{ env.OSSINDEX_PASSWORD }}
 
             - name: Upload SARIF file
               uses: github/codeql-action/upload-sarif@a4e1a019f5e24960714ff6296aee04b736cbc3cf # v3.29.6
diff --git a/pom.xml b/pom.xml
@@ -91,7 +91,7 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>12.1.3</version>
+                    <version>12.1.6</version>
                     <configuration>
                         <nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
                         <suppressionFiles>
