Describe the bug
The nvdApiServerId property appears to have no effect.
Version of dependency-check used
Maven plugin 9.0.0
Log file
[INFO] --- dependency-check:9.0.0:check (default-cli) @ test ---
[INFO] Checking for updates
[WARNING] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key
Debug logs.
To Reproduce
<!-- pom.xml -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>9.0.0</version>
<configuration>
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
<nvdApiServerId>nvd</nvdApiServerId>
<failOnError>false</failOnError>
<ossIndexServerId>sonatype-ossindex</ossIndexServerId>
<outputDirectory>${project.build.directory}/owasp-reports</outputDirectory>
<suppressionFile>${project.basedir}/suppressions.xml</suppressionFile>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals><goal>check</goal></goals>
<configuration>
<format>XML</format>
<versionCheckEnabled>false</versionCheckEnabled>
</configuration>
</execution>
</executions>
</plugin><!-- settings.xml -->
<server>
<id>sonatype-ossindex</id>
<username>****</username>
<password>****</password>
</server>
<server>
<id>nvd</id>
<username>****</username>
<password>****</password>
</server>Expected behavior
The API key is taken from the matching server in settings.xml.
Additional context
Using nvdApiKey is picked up, and the warning is no longer logged.
Describe the bug
The
nvdApiServerIdproperty appears to have no effect.Version of dependency-check used
Maven plugin 9.0.0
Log file
Debug logs.
To Reproduce
Expected behavior
The API key is taken from the matching server in settings.xml.
Additional context
Using
nvdApiKeyis picked up, and the warning is no longer logged.