From 5b32f55c4a32376e8d03f6bd9f8e30801a45e18e Mon Sep 17 00:00:00 2001
From: Sean Arms <67096+lesserwhirls@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:57:34 -0600
Subject: [PATCH] Allow for the use of a NIST NVD API key
Look for a NIST NVD API key in the environment variable NVD_API_KEY and, if found, use it when running the OWASP dependency check tasks.
---
 .../src/main/kotlin/ds3-java-sdk-library-convention.gradle.kts | 1 +
 libs.versions.toml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/buildSrc/src/main/kotlin/ds3-java-sdk-library-convention.gradle.kts b/buildSrc/src/main/kotlin/ds3-java-sdk-library-convention.gradle.kts
index 45da08ef1..8044d7b79 100644
--- a/buildSrc/src/main/kotlin/ds3-java-sdk-library-convention.gradle.kts
+++ b/buildSrc/src/main/kotlin/ds3-java-sdk-library-convention.gradle.kts
@@ -58,4 +58,5 @@ dependencyCheck {
 // fail the build if any vulnerable dependencies are identified (CVSS score > 0)
 failBuildOnCVSS = 0f;
 suppressionFile = "project_files/owasp/dependency-check-suppression.xml"
+ nvd.apiKey = System.getenv("NVD_API_KEY")
 }
diff --git a/libs.versions.toml b/libs.versions.toml
index f476094a6..208acbb7c 100644
--- a/libs.versions.toml
+++ b/libs.versions.toml
@@ -70,7 +70,7 @@ slf4jSimple = { group = "org.slf4j", name = "slf4j-simple", version.ref = "slf4j # plugins used in buildSrc/ # kotlinJvmPlugin = { group = "org.jetbrains.kotlin", name = "kotlin-gradle-plugin", version.ref = "kotlinVersion" } -owaspDepCheckPlugin = { group = "org.owasp", name = "dependency-check-gradle", version = "8.4.0" } +owaspDepCheckPlugin = { group = "org.owasp", name = "dependency-check-gradle", version = "10.0.3" } versionsPlugin = { group = "com.github.ben-manes", name = "gradle-versions-plugin", version = "0.47.0" } [plugins]
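Review bot: The added `nvd.apiKey = System.getenv("NVD_API_KEY")` line in the `dependencyCheck` block hands the plugin whatever the environment holds, including an empty or whitespace-only value, which some CI systems export when a secret is not available to the job (for example builds triggered from forks). Whether the plugin treats a blank key as absent is not visible in this hunk, so normalising the value would make the commit message's "if found" behaviour explicit: `nvd.apiKey = System.getenv("NVD_API_KEY")?.takeIf { it.isNotBlank() }`. A short comment such as `// optional; when unset the NVD is queried without a key and is rate limited` would also tell maintainers that the key is a credential supplied by the CI secret store and never written into this file. Because `failBuildOnCVSS = 0f` makes this task a gate, it is worth confirming that a failed NVD update fails the build and does not pass on stale data. The `dependencyCheck { … }` block starts above the hunk.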