Cache OWASP Dependency Check database in CI

Author: thibauult

.github/workflows/cve-scanning-gradle.yml

@@ -24,6 +24,13 @@ jobs:
         uses: gradle/actions/setup-gradle@v3
         with:
           cache-read-only: ${{ github.ref != 'refs/heads/main' }}
+      - name: Cache OWASP Dependency Check Database
+        uses: actions/cache@v4
+        with:
+          path: ~/.gradle/dependency-check-data
+          key: ${{ runner.os }}-owasp-db-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-owasp-db-
       - name: Build with Gradle
         # The build action is not strictly necessary as dependencyCheckAggregate will build the project
         # but it's good practice to have it as a separate step to catch build errors earlier.

build.gradle

@@ -62,7 +62,7 @@ dependencyCheck {
     failBuildOnCVSS=5
     suppressionFile="./allow-list.xml"
     data {
-        directory = "${buildDir}/dependency-check-data"
+        directory = "${System.getProperty('user.home')}/.gradle/dependency-check-data"
     }
     nvd {
         apiKey = System.getenv("NVD_API_KEY") ?: (project.findProperty("dependencyCheck.nvd.apiKey") ?: "")