GH-247 OWASP Dependency-Checker logs adjust

Signed-off-by: Uladzislau Kalesnikau <[email protected]>

Author: KUGDev

.github/workflows/dependency-check.yml

@@ -28,18 +28,7 @@ jobs:
       - name: Run dependency check
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-        run: ./gradlew dependencyCheckAnalyze -Dnvd.api.key=$NVD_API_KEY
-
-      - name: Upload Dependency Check Report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        if: always() # Load even if there are vulnerabilities
-        with:
-          name: dependency-check-report
-          path: |
-            ${{ github.workspace }}/build/reports/dependency-check-report.html
-            ${{ github.workspace }}/build/reports/dependency-check-report.json
-            ${{ github.workspace }}/build/reports/dependency-check-report.xml
-          retention-days: 5
+        run: ./gradlew dependencyCheckAnalyze -Dnvd.api.key=$NVD_API_KEY --quiet
 
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard

.github/workflows/scorecard.yml

@@ -53,15 +53,6 @@ jobs:
           # Filter SARIF File and only keep enabled checks
           cat results.sarif | jq '.runs[].results |= map(select(.ruleId as $id | '$ENABLED_CHECKS_IN_JSON' | index($id)))' > filteredResults.sarif
 
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"