You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Another idea: make the cache not depending on a hashed pom.xml or move the OWASP Maven Plugin dataDirectory path outside of Maven cache (and cache on its own). https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html (as the pom.xml gets updated for deps, the Maven cache is empty, which also means empty NVD CVE DB)
The text was updated successfully, but these errors were encountered:
Due to the-non-cacheable vulnerability database of the Maven plugin, it downloads the DB on every run, also twice because Java 11 and 17.
We should try relying on an action like https://github.com/dependency-check/Dependency-Check_Action which caches the database within the container and see if this speeds up builds.
Another idea: make the cache not depending on a hashed
pom.xmlor move the OWASP Maven PlugindataDirectorypath outside of Maven cache (and cache on its own). https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html (as the pom.xml gets updated for deps, the Maven cache is empty, which also means empty NVD CVE DB)The text was updated successfully, but these errors were encountered: