From 1418ba2488b3bb19f17319c9d489975409fb9521 Mon Sep 17 00:00:00 2001
From: Ulli Hafner <ullrich.hafner@gmail.com>
Date: Thu, 25 Sep 2025 09:20:22 +0200
Subject: [PATCH 1/2] Test commit

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 66aff0c6..9fefe8cf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1095,8 +1095,8 @@
             <groupId>org.owasp</groupId>
             <artifactId>dependency-check-maven</artifactId>
             <configuration>
-              <nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
               <format>JSON</format>
+              <nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
               <ossIndexUsername>ullrich.hafner@gmail.com</ossIndexUsername>
               <!--suppress UnresolvedMavenProperty: credentials are provided during CI -->
               <ossIndexPassword>${env.OSS_INDEX_TOKEN}</ossIndexPassword>

From 0995781a7bd014c91117ac9d7fcd97604a909517 Mon Sep 17 00:00:00 2001
From: Ulli Hafner <ullrich.hafner@gmail.com>
Date: Thu, 25 Sep 2025 10:22:37 +0200
Subject: [PATCH 2/2] Use Sonatype OSS index service with a custom token

Sonatype now requires authentication while accessing the
OSS Index analyzer. The token must be provided as the environment
variable `OSS_INDEX_TOKEN`.
---
 .github/workflows/quality-monitor-build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/quality-monitor-build.yml b/.github/workflows/quality-monitor-build.yml
index 6d80365e..3b0bf24d 100644
--- a/.github/workflows/quality-monitor-build.yml
+++ b/.github/workflows/quality-monitor-build.yml
@@ -39,6 +39,7 @@ jobs:
       - name: Build with Maven
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+          OSS_INDEX_TOKEN: ${{ secrets.OSS_INDEX_TOKEN }}
           PIT: ${{ env.PIT }}
         run: |
           mvn -V --color always -ntp clean verify $PIT -Pci -Powasp | tee maven.log