diff --git a/.github/workflows/owasp-dependency-check.yaml b/.github/workflows/owasp-dependency-check.yaml
index 499f494b13..b24ce19c96 100644
--- a/.github/workflows/owasp-dependency-check.yaml
+++ b/.github/workflows/owasp-dependency-check.yaml
@@ -21,7 +21,7 @@ on:
push:
branches:
- dev
- pull_request:
+ pull_request_target:
paths:
- '**/pom.xml'
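Review bot: Switching the trigger to `pull_request_target` makes this job run in the base repository's context for pull requests from forks, with the `NIST_NVD_API_KEY` secret and the `pull-requests: write` token that the later hunks in this file add. The checkout step is outside the visible hunks, so which of two problems applies cannot be confirmed from here. If it checks out the default ref, the scan runs against the base branch's `pom.xml` and never evaluates the dependency change the PR proposes. If it checks out the PR head, `./mvnw clean install` runs contributor-controlled wrapper, plugin and test code with the secret in its environment. Consider keeping `pull_request` for the untrusted build and running the keyed scan only on `push` to `dev`; at minimum add a comment above the trigger such as `# pull_request_target runs with secrets: never check out or build PR head code in this job`.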
@@ -30,6 +30,9 @@ env:
jobs:
build:
+ permissions:
+ contents: read
+ pull-requests: write
runs-on: ubuntu-latest
timeout-minutes: 120
steps:
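Review bot: `pull-requests: write` is granted to the whole `build` job, but neither step visible in this diff (the Maven run and the artifact upload) comments on or modifies a pull request. The steps list continues outside the hunk, so an unseen step may need it. If none does, drop the line so the job token stays at `contents: read`; this matters more under `pull_request_target`, where the token is not reduced to read-only for fork PRs. If a step does need it, add a comment naming that step, for example `# pull-requests: write is required by <step name>`.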
@@ -42,7 +45,13 @@ jobs:
java-version: 8
distribution: 'adopt'
- name: Run OWASP Dependency Check
- run: ./mvnw -B clean install dependency-check:check -Dowasp.skip=false -Dspotless.skip=true -Drat.skip=true
+ run: |
+ ./mvnw -B clean install dependency-check:check \
+ -Dowasp.skip=false \
+ -Dspotless.skip=true \
+ -Drat.skip=true
+ env:
+ NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
- name: Upload report
uses: actions/upload-artifact@v4
if: ${{ cancelled() || failure() }}
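Review bot: The `env:` block on the "Run OWASP Dependency Check" step exposes `NIST_NVD_API_KEY` to the whole `clean install dependency-check:check` invocation, so every plugin and test run during the build can read it, not only the dependency-check plugin. Splitting the step would narrow the exposure: one step running `./mvnw -B clean install -Dspotless.skip=true -Drat.skip=true` without the secret, then a second running `./mvnw -B dependency-check:check -Dowasp.skip=false` that carries the `env:` block. Whether the check goal resolves all modules when run on its own depends on plugin configuration in pom.xml that is not fully visible here, so verify that before splitting.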
diff --git a/pom.xml b/pom.xml
index a6abe4951d..f8602be1e7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,7 +136,7 @@
3.7.5
3.2.0
1.0.0
- 9.2.0
+ 10.0.2
3.3.0
org.apache.streampark.shaded
flink-table-uber_${scala.binary.version}
@@ -831,6 +831,7 @@
true
true
7
+ NIST_NVD_API_KEY