From fd4348a8a0678c607f7ce68f4a830f1529d853ea Mon Sep 17 00:00:00 2001
From: sg <spyros@ocurity.com>
Date: Wed, 30 Oct 2024 14:57:59 +0000
Subject: [PATCH] first step in fixing #453 by providing an optional nvdApiKey
 to dependency-check

---
 components/producers/dependency-check/task.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/producers/dependency-check/task.yaml b/components/producers/dependency-check/task.yaml
index f78510a54..85410d4ff 100644
--- a/components/producers/dependency-check/task.yaml
+++ b/components/producers/dependency-check/task.yaml
@@ -8,6 +8,10 @@ metadata:
     v1.smithy.smithy-security.com/test-type: sca
 spec:
   description: Generate a Dependency-Check report from source code.
+  params:
+    - name: producer-dependency-check-nvd-api-key
+      type: string
+      default: ""
   volumes:
     - name: scratch
       emptyDir: {}
@@ -19,6 +23,8 @@ spec:
     image: owasp/dependency-check:10.0.3
     command: [/usr/share/dependency-check/bin/dependency-check.sh]
     args:
+    - --nvdApiKey
+    - $(params.producer-dependency-check-nvd-api-key)
     - -f
     - JSON
     - -o