Configure credentials for ossindex

.github/workflows/build.yml

@@ -38,7 +38,7 @@ jobs:
         java-version: ${{ matrix.java }}
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Cache SonarQube packages
       uses: actions/cache@v4
@@ -49,6 +49,10 @@ jobs:
 
     - name: Build with Java ${{ matrix.java }}
       run: ./gradlew build --info --warning-mode all -PjavaVersion=${{ matrix.java }}
+      env:
+        ORG_GRADLE_PROJECT_ossIndexUsername: ${{ secrets.OSSINDEX_USERNAME }}
+        ORG_GRADLE_PROJECT_ossIndexToken: ${{ secrets.OSSINDEX_TOKEN }}
+
 
     - name: Sonar analysis
       if: ${{ env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }}

.github/workflows/codeql-analysis.yml

@@ -32,7 +32,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
 
       - name: Fail if not running on main branch
         if: ${{ github.ref != 'refs/heads/main' }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main')
@@ -37,7 +37,7 @@ jobs:
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
 
       - name: Build
         run: ./gradlew build --warning-mode all

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- [PR #58](https://github.com/itsallcode/openfasttrace-gradle/pull/58)
+  - Upgrade dependencies
+  - Specify credentials for OssIndex
+
 ## [3.1.0] - 2025-08-03
 
 - [PR #51](https://github.com/itsallcode/openfasttrace-gradle/pull/51) (Thanks to [@koppor](https://github.com/koppor) for his contribution!)

README.md

@@ -183,6 +183,15 @@ To use `openfasttrace` from source during development:
 
 ### Check dependencies for vulnerabilities
 
+Get token for OssIndex from [ossindex.sonatype.org](https://ossindex.sonatype.org/) and add it to `~/.gradle/gradle.properties`:
+
+```properties
+ossIndexUsername = <user>
+ossIndexToken    = <token>
+```
+
+Then run
+
 ```sh
 ./gradlew ossIndexAudit
 ```

build.gradle

@@ -2,11 +2,11 @@ plugins {
     id 'java-gradle-plugin'
     id 'jacoco'
     id 'signing'
-    id 'com.gradle.plugin-publish' version '1.3.1'
-    id 'org.sonarqube' version '6.2.0.5505'
+    id 'com.gradle.plugin-publish' version '2.0.0'
+    id 'org.sonarqube' version '7.0.1.6134'
     id 'pl.droidsonroids.jacoco.testkit' version '1.0.12'
-    id 'com.github.ben-manes.versions' version '0.52.0'
-    id 'org.sonatype.gradle.plugins.scan' version '3.1.2'
+    id 'com.github.ben-manes.versions' version '0.53.0'
+    id 'org.sonatype.gradle.plugins.scan' version '3.1.4'
 }
 
 repositories {
@@ -21,7 +21,7 @@ group = 'org.itsallcode'
 ext {
     gradlePluginId = 'org.itsallcode.openfasttrace'
     oftVersion = '4.2.0'
-    junitVersion = '5.13.4'
+    junitVersion = '6.0.0'
     if (project.hasProperty('oftSourceDir')) {
         oftSourceDir = file(project.oftSourceDir)
         useOftSources = oftSourceDir.exists()
@@ -170,6 +170,10 @@ tasks.named("dependencyUpdates").configure {
 }
 
 ossIndexAudit {
+  if(project.hasProperty("ossIndexUsername") && project.hasProperty("ossIndexToken")) {
+    username = findProperty("ossIndexUsername")
+    password = findProperty("ossIndexToken")
+  }
   allConfigurations = false
   useCache = true
   excludeVulnerabilityIds = []