Due to the-non-cacheable vulnerability database of the Maven plugin, it downloads the DB on every run, also twice because Java 11 and 17.
We should try relying on an action like https://github.com/dependency-check/Dependency-Check_Action which caches the database within the container and see if this speeds up builds.
Another idea: make the cache not depending on a hashed pom.xml or move the OWASP Maven Plugin dataDirectory path outside of Maven cache (and cache on its own). https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html (as the pom.xml gets updated for deps, the Maven cache is empty, which also means empty NVD CVE DB)
Due to the-non-cacheable vulnerability database of the Maven plugin, it downloads the DB on every run, also twice because Java 11 and 17.
We should try relying on an action like https://github.com/dependency-check/Dependency-Check_Action which caches the database within the container and see if this speeds up builds.
Another idea: make the cache not depending on a hashed
pom.xmlor move the OWASP Maven PlugindataDirectorypath outside of Maven cache (and cache on its own). https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html (as the pom.xml gets updated for deps, the Maven cache is empty, which also means empty NVD CVE DB)