From 3f12be4aa9cb4a5c8f3e1a23bc79bbc2dc731a9d Mon Sep 17 00:00:00 2001 From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:04:19 +0300 Subject: [PATCH 1/6] add check with OWASP Signed-off-by: Oleksandr Kolodkin --- .github/workflows/github-actions-java8.yml | 12 ++++++++++++ build.gradle.kts | 15 +++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/.github/workflows/github-actions-java8.yml b/.github/workflows/github-actions-java8.yml index 46abd2b..3e56b0b 100644 --- a/.github/workflows/github-actions-java8.yml +++ b/.github/workflows/github-actions-java8.yml @@ -64,6 +64,18 @@ jobs: if: runner.os != 'Windows' run: chmod +x ./gradlew + - name: Run OWASP dependency check + if: matrix.os == 'windows-latest' # Only run on one platform + run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace + + - name: Upload dependency check report + uses: actions/upload-artifact@v4 + if: matrix.os == 'windows-latest' # Only upload from one platform + with: + name: dependency-check-report + path: build/reports/dependency-check-report.html + retention-days: 30 + - name: Build with Gradle run: ./gradlew buildShadow --no-daemon --stacktrace diff --git a/build.gradle.kts b/build.gradle.kts index 033a85e..641b2e5 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -81,3 +81,18 @@ tasks { dependsOn(shadowJar) } } + +// OWASP Dependency Check configuration +dependencyCheck { + // Format for the dependency check report + format = "HTML" + + // Suppress false positives (optional - can be configured as needed) + suppressionFile = "dependency-check-suppressions.xml" + + // Fail build on CVSS score of 7 or higher (High/Critical vulnerabilities) + failBuildOnCVSS = 7.0f + + // Auto-update vulnerability database (good for CI but can be slow) + autoUpdate = true +} From 45369b878e247cc0e7b9c385f515a5d7d57e6428 Mon Sep 17 00:00:00 2001 
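Review bot: `suppressionFile = "dependency-check-suppressions.xml"` in the build.gradle.kts hunk points at a file this commit does not add (the diffstat lists only the workflow and build.gradle.kts), so unless that file already exists in the repository the analysis will most likely abort on the missing suppression file before it writes the report the workflow hunk uploads. Either commit an empty suppressions file alongside this change or leave the setting out until there is a finding to suppress. `failBuildOnCVSS = 7.0f` is the right gate, but it only has effect as long as the CI step invoking `dependencyCheckAnalyze` is itself allowed to fail the job, which is worth a comment next to it: `// Effective only if the CI step is not marked continue-on-error`. The `format` property is corrected in patch 5 and is not re-raised here.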
From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:16:00 +0300 Subject: [PATCH 2/6] try latest java version --- .github/workflows/github-actions-java8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/github-actions-java8.yml b/.github/workflows/github-actions-java8.yml index 3e56b0b..c7826d0 100644 --- a/.github/workflows/github-actions-java8.yml +++ b/.github/workflows/github-actions-java8.yml @@ -56,6 +56,7 @@ jobs: with: java-version: "8" distribution: "zulu" + check-latest: true # Get the latest Java 8 patch version - name: Validate Gradle wrapper uses: gradle/actions/wrapper-validation@v4 From dee64c048771fc29fa5399def8185589fea0d99e Mon Sep 17 00:00:00 2001 From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:32:28 +0300 Subject: [PATCH 3/6] - setup owasp to use key --- build.gradle.kts | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/build.gradle.kts b/build.gradle.kts index 641b2e5..ec35170 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -95,4 +95,26 @@ dependencyCheck { // Auto-update vulnerability database (good for CI but can be slow) autoUpdate = true + + // Enable NVD API with your API key + nvd { + enabled = true + apiKey = System.getenv("NVD_API_KEY") ?: "" + // Delay between requests to respect rate limits + delay = 4000 + } + + // Use all available vulnerability sources + ossIndex { + enabled = true + } + + retirejs { + enabled = true + } + + // Enable known exploited vulnerabilities (KEV) + kev { + enabled = true + } } From d90f62b620cc371459704aa9ec7c31caff07f73a Mon Sep 17 00:00:00 2001 From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:34:28 +0300 Subject: [PATCH 4/6] - set owasp api key in environment variable --- .github/workflows/github-actions-java8.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/github-actions-java8.yml b/.github/workflows/github-actions-java8.yml index c7826d0..07c960b 100644 --- a/.github/workflows/github-actions-java8.yml 
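Review bot: `apiKey = System.getenv("NVD_API_KEY") ?: ""` turns an absent secret into an empty-string credential, and an absent secret is exactly what runs from forks or dependency-bot branches will see, since repository secrets are typically not exposed to them; whether the plugin treats "" as "no key" or sends it as a credential is not visible here, so the safer form is to leave the property unset when the variable is missing, e.g. `System.getenv("NVD_API_KEY")?.takeIf { it.isNotBlank() }?.let { apiKey = it }`. The same `?: ""` fallback is carried into patches 5 and 6 (`nvdApiKey = …` and `nvd.apiKey = …`), so the fix applies to the final form in build.gradle.kts as well. Whatever is chosen, a one-line comment should state the fallback, `// Without NVD_API_KEY in the environment (forks, local builds) the check runs without a key`, since the behaviour of unauthenticated runs is what CI consumers will hit first.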
+++ b/.github/workflows/github-actions-java8.yml @@ -67,7 +67,10 @@ jobs: - name: Run OWASP dependency check if: matrix.os == 'windows-latest' # Only run on one platform - run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace + run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace --continue + continue-on-error: true # Don't fail the build if dependency check has issues + env: + NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - name: Upload dependency check report uses: actions/upload-artifact@v4 From 63ff0eb436c345204f9a66fe66158e6a7e70e4c4 Mon Sep 17 00:00:00 2001 From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:39:02 +0300 Subject: [PATCH 5/6] fix syntaxis --- build.gradle.kts | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index ec35170..c5e9b1c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -85,7 +85,7 @@ tasks { // OWASP Dependency Check configuration dependencyCheck { // Format for the dependency check report - format = "HTML" + formats = listOf("HTML") // Suppress false positives (optional - can be configured as needed) suppressionFile = "dependency-check-suppressions.xml" @@ -93,28 +93,10 @@ dependencyCheck { // Fail build on CVSS score of 7 or higher (High/Critical vulnerabilities) failBuildOnCVSS = 7.0f - // Auto-update vulnerability database (good for CI but can be slow) - autoUpdate = true - // Enable NVD API with your API key - nvd { - enabled = true - apiKey = System.getenv("NVD_API_KEY") ?: "" - // Delay between requests to respect rate limits - delay = 4000 - } - - // Use all available vulnerability sources - ossIndex { - enabled = true - } + nvdApiKey = System.getenv("NVD_API_KEY") ?: "" + nvdApiDelay = 4000 - retirejs { - enabled = true - } - - // Enable known exploited vulnerabilities (KEV) - kev { - enabled = true - } + // Enable auto-update with NVD API + autoUpdate = true } 
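Review bot: `continue-on-error: true` on the dependency-check step makes the `failBuildOnCVSS = 7.0f` threshold configured in build.gradle.kts a no-op as a gate: a High/Critical finding turns the step red, but the job and the PR check stay green, so nothing blocks a merge. If the line was added so the report is still uploaded after a failed analysis, the cleaner way is to drop `continue-on-error: true` and make the upload step run regardless of the outcome, `if: always() && matrix.os == 'windows-latest'`, leaving the check step able to fail the job. The upload step's own `if:` line sits just past the end of this hunk, so that second change is outside the lines shown. The inline comment `# Don't fail the build if dependency check has issues` should then go, as it documents the behaviour being removed.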
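Review bot: Under a subject of "fix syntaxis", the second hunk of this patch also removes the `ossIndex`, `retirejs` and `kev` blocks, which narrows the scan to the NVD feed without saying so; if the nested blocks were dropped only because they did not compile in the Kotlin DSL, that should be recorded in the commit message, and the toggles restored later through the plugin's documented analyzer settings rather than silently lost. The surviving comment `// Enable NVD API with your API key` now heads two flat properties rather than a block; `// NVD API key (from the CI secret) and per-request delay` describes what is actually there. The property names introduced in this hunk are corrected again in patch 6, so only the scope change and the comment wording are raised here.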
From ba24cf1ed5dd1329be2c025019a1c96126c613fc Mon Sep 17 00:00:00 2001 From: Oleksandr Kolodkin Date: Thu, 17 Jul 2025 23:49:46 +0300 Subject: [PATCH 6/6] fix syntaxes Signed-off-by: Oleksandr Kolodkin --- build.gradle.kts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index c5e9b1c..56f3de3 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -94,9 +94,9 @@ dependencyCheck { failBuildOnCVSS = 7.0f // Enable NVD API with your API key - nvdApiKey = System.getenv("NVD_API_KEY") ?: "" - nvdApiDelay = 4000 - + nvd.apiKey = System.getenv("NVD_API_KEY") ?: "" + nvd.delay = 4000 + // Enable auto-update with NVD API autoUpdate = true }