Reduce frequency of vulnerability scan to weekly (#161)

bestbeforetoday · web-flow · commit e59b6d657bef · 2023-10-04T09:33:00.000+01:00
Also suppress a false positive vulnerability detection.

Signed-off-by: Mark S. Lewis &lt;Mark.S.Lewis@outlook.com&gt;
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -2,7 +2,7 @@ name: "Security vulnerability scan"
 
 on:
   schedule:
-    - cron: "20 23 * * *"
+    - cron: "20 23 * * 0"
 
 jobs:
   scan:
diff --git a/dependency-suppressions.xml b/dependency-suppressions.xml
@@ -48,4 +48,11 @@
         <packageUrl regex="true">^pkg:maven/com\.ibm\.cloud/cloudant(-common)?@.*$</packageUrl>
         <cve>CVE-2023-26268</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        gRPC Java is not affected by this vulnerability; only gRPC C++, Python and Ruby
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
+        <cve>CVE-2023-4785</cve>
+    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -364,7 +364,7 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>8.3.1</version>
+                        <version>8.4.0</version>
                         <configuration>
                             <skipProvidedScope>true</skipProvidedScope>
                             <skipTestScope>true</skipTestScope>
