How to cache OWASP dependency check NVD database on CI

OWASP dependency check is a great way of automating vulnerability discovery in our projects, though when running it as part of a CI pipeline per project it adds 3-4 minutes just to download the NVD database.

How can we cache this DB when running it with maven / gradle on a CI pipeline?

Upvotes: 3

Views: 7494

Answers (2)

BipinMandava

Reputation: 1

Guess the above is outdated. Now running mvn dependency-check:check creates a db file (210MB) here: ~/.m2/repository/org/owasp/dependency-check-data/11.0/odc.mv.db

Upvotes: 0

After a bit of research I found the way!

Basically, the files containing the NVD db are called nvdcve-1.1-[YYYY].json.gz, e.g. nvdcve-1.1-2022.json.gz, which are later added to a Lucene index.

When running Dependency-Check with the Gradle plugin the files are created on:

$GRADLE_USER_HOME/.gradle/dependency-check-data/7.0/nvdcache/

When running it with Maven they are created on:

$MAVEN_HOME/.m2/repository/org/owasp/dependency-check-data/7.0/nvdcache/

So to cache the DB on GitLab CI you just have to add the following to your .gitlab-ci.yaml (Gradle):

before_script:
  - export GRADLE_USER_HOME=`pwd`/.gradle

cache:
  key: "$CI_PROJECT_NAME"
  paths:
    - .gradle/dependency-check-data

The first CI job run will create the cache and subsequent runs (from the same or different pipelines) will fetch it!

Upvotes: 7
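For the Maven side of the question, the same approach works by moving the Maven local repository into the checkout so the runner can cache it. This is an added example, not part of the answer above: the `maven.repo.local` property, `MAVEN_OPTS` and the GitLab `cache` keywords are standard Maven / GitLab CI features, while the job name and image are assumptions.

```yaml
# Added example: GitLab CI job that caches the Maven dependency-check NVD data.
variables:
  # Relocate the Maven local repository under the project directory,
  # because GitLab can only cache paths inside $CI_PROJECT_DIR.
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"

dependency-check:
  image: maven:3            # assumption: any image that provides mvn works
  cache:
    key: "$CI_PROJECT_NAME-odc-data"
    paths:
      # Cache only the NVD data, not the whole local repository, so the
      # cache archive stays small and is not invalidated by unrelated deps.
      - .m2/repository/org/owasp/dependency-check-data
    # pull-push (the default) uploads the cache again when the job ends,
    # so the data refreshed on each run is what the next run restores.
    policy: pull-push
  script:
    - mvn -B dependency-check:check
```

Each run still contacts the NVD to refresh the cached data, so a restored cache shortens the download but does not pin the vulnerability data to an old snapshot.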
