update pipeline

.drone.yml

@@ -1,73 +1,13 @@
-kind: pipeline
+kind: template
-type: docker
+load: java-build-deploy.yaml
-name: build
+data:
-
+  arch: arm64
-trigger:
+  os: linux
-  branch:
+  build_branches:
     - main
-  event:
+  build_events:
     - push
     - pull_request
-
+  sonar_project_key: HidekoBot
-steps:
+  deploy_targets:
-  # test if it compiles correctly
+    - production
-  - name: build
-    image: maven:3-eclipse-temurin-21
-    commands:
-      - mvn verify --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V
-
-  # run unit tests
-  - name: test
-    image: maven:3-eclipse-temurin-21
-    commands:
-      - mvn test --no-transfer-progress -B -V
-
-  # check maven dependencies
-  - name: dependency-check
-    image: maven:3-eclipse-temurin-21
-    commands:
-      - mvn dependency-check:check --no-transfer-progress -B -V -DnvdApiKey=$NVD_API_KEY
-    environment:
-      NVD_API_KEY:
-        from_secret: nvd_api_key
-
-  # run code analysis
-  - name: code-analysis
-    when:
-      event:
-        - push
-    image: maven:3-eclipse-temurin-21
-    commands:
-      - mvn sonar:sonar --no-transfer-progress -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.host.url=$SONAR_INSTANCE_URL -Dsonar.token=$SONAR_LOGIN_KEY -B -V
-    environment:
-      SONAR_PROJECT_KEY:
-        from_secret: sonar_project_key
-      SONAR_INSTANCE_URL:
-        from_secret: sonar_instance_url
-      SONAR_LOGIN_KEY:
-        from_secret: sonar_login_key
-
----
-kind: pipeline
-type: docker
-name: deploy
-
-trigger:
-  event:
-    - promote
-  target:
-    - production
-
-steps:
-  # skip all previous steps because they were already ran in the "build" phase; we don't need to re-analyze the code.
-
-  # upload to maven repository
-  - name: maven-deploy
-    image: maven:3-eclipse-temurin-21
-    commands:
-      - mvn deploy --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V -gs settings.xml -Dmaven.repo.username=$MAVEN_REPO_USERNAME -Dmaven.repo.password=$MAVEN_REPO_PASSWORD
-    environment:
-      MAVEN_REPO_USERNAME:
-        from_secret: maven_repo_username
-      MAVEN_REPO_PASSWORD:
-        from_secret: maven_repo_password

README.MD

@@ -1,9 +1,9 @@
 # HidekoBot    
-[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
+[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
-[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59) 
+[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot) 
-[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
+[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
 [![Build Status](https://drone.beatrice.wtf/api/badges/bea/HidekoBot/status.svg)](https://drone.beatrice.wtf/bea/HidekoBot) 
-[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
+[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
   
 Hideko is a general-purpose Discord bot.  
   

pom.xml

@@ -160,6 +160,7 @@
                     <failBuildOnCVSS>8</failBuildOnCVSS>
                     <!--suppress UnresolvedMavenProperty -->
                     <nvdApiKey>${nvdApiKey}</nvdApiKey>
+                    <knownExploitedUrl>https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json</knownExploitedUrl>
                     <formats>
                         <format>html</format>
                         <format>json</format>

suppressions.xml

@@ -1,31 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <!--
     <suppress>
         <notes><![CDATA[
-   file name: snakeyaml-1.33.jar
+           file name: snakeyaml-1.33.jar
-   ]]></notes>
+        ]]></notes>
         <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
         <cve>CVE-2021-4235</cve>
     </suppress>
-    <suppress>
+    -->
-        <notes><![CDATA[
-   file name: snakeyaml-1.33.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <cve>CVE-2022-3064</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: snakeyaml-1.33.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: json-20220924.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
-        <vulnerabilityName>CVE-2022-45688</vulnerabilityName>
-    </suppress>
 </suppressions>