From d281c8e5ca935db685cf0a5ee18075f22253a556 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 6 Jul 2024 16:37:07 +0000
Subject: [PATCH 1/2] Update plugin dependencycheck to v10.0.2
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 862a91b..c18b43e 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -53,5 +53,5 @@ ksp = { id = "com.google.devtools.ksp", version.ref = "ksp" }
 maven_publish = { id = "com.vanniktech.maven.publish", version = "0.29.0" }
 kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kover" }
 roborazzi = { id = "io.github.takahirom.roborazzi", version.ref = "roborazzi" }
-dependencycheck = "org.owasp.dependencycheck:10.0.1"
+dependencycheck = "org.owasp.dependencycheck:10.0.2"
 sonarqube = "org.sonarqube:5.1.0.4882"
\ No newline at end of file
From bdc14bdbf8afc6e05981e1b64a04ff600bc87ac1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jorge=20Mart=C3=ADn?=
Date: Thu, 11 Jul 2024 12:56:28 +0200
Subject: [PATCH 2/2] Try using NVD API key
---
 .github/workflows/nightlyReports.yml | 2 +-
 compound/build.gradle.kts | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/nightlyReports.yml b/.github/workflows/nightlyReports.yml
index 606498a..5a64600 100644
--- a/.github/workflows/nightlyReports.yml
+++ b/.github/workflows/nightlyReports.yml
@@ -66,7 +66,7 @@ jobs:
 with:
 cache-read-only: ${{ github.ref != 'refs/heads/main' }}
 - name: Dependency analysis
- run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES
+ run: ./gradlew :compound:dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES -PNVD_API_KEY="${{ secrets.NVD_API_KEY }}"
 - name: Upload dependency analysis
 if: always()
 uses: actions/upload-artifact@v4
diff --git a/compound/build.gradle.kts b/compound/build.gradle.kts
index 1359b73..19d65ca 100644
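Review bot: In the `Dependency analysis` step the NVD API key is expanded by `${{ secrets.NVD_API_KEY }}` straight into the shell script text and then passed to Gradle as a `-P` command-line argument, so it sits in the process arguments on the runner and relies on log masking alone to stay out of any output that echoes the invocation. Gradle also reads project properties from the environment, so the step can carry the key as `env:` with `ORG_GRADLE_PROJECT_NVD_API_KEY: ${{ secrets.NVD_API_KEY }}` and drop the `-PNVD_API_KEY=...` argument. That also avoids quoting problems if the secret ever contains shell metacharacters. As written, an unset secret reaches Gradle as an empty string rather than as a missing property, so the Gradle side should treat a blank value as "no key".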
--- a/compound/build.gradle.kts
+++ b/compound/build.gradle.kts
@@ -23,6 +23,7 @@ plugins {
 alias(libs.plugins.ksp)
 alias(libs.plugins.kover)
 alias(libs.plugins.roborazzi)
+ alias(libs.plugins.dependencycheck)
 }
 android {
@@ -95,6 +96,11 @@ kotlin {
 jvmToolchain(17)
 }
+configure {
+ (properties["NVD_API_KEY"] as? String)?.let { nvd.apiKey = it }
+ nvd.delay = 1600
+}
+
 mavenPublishing {
 publishToMavenCentral(SonatypeHost.S01)
 signAllPublications()
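Review bot: In the added `configure` block, `(properties["NVD_API_KEY"] as? String)?.let { nvd.apiKey = it }` accepts an empty string, which is what the workflow's `-PNVD_API_KEY="..."` passes when the secret is not configured, so the plugin would be given a blank key instead of none. Filter it before assigning, e.g. `(findProperty("NVD_API_KEY") as? String)?.takeIf { it.isNotBlank() }?.let { nvd.apiKey = it }`. The bare `nvd.delay = 1600` should carry a comment with its unit and reason, such as `// pause between NVD API requests (presumably milliseconds) to stay within the rate limit`. The delay is set whether or not a key is present, and it may be too short for unauthenticated runs; that is worth confirming against the plugin's documentation.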