From 039d1604bdbbc52a2b9efd866c6ceb0206b8c1af Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Sun, 14 Dec 2025 09:58:33 +0800
Subject: [PATCH 01/16] test
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 60 +++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/vulnerability-check.yml
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
new file mode 100644
index 0000000000..479895a916
--- /dev/null
+++ b/.github/workflows/vulnerability-check.yml
@@ -0,0 +1,60 @@
+name: vulnerability-check
+on:
+ schedule:
+ # Run at UTC 16:00 every week (CST 00:00 AM)
+ - cron: "0 16 * * 0"
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
+ MAVEN_ARGS: --batch-mode --no-transfer-progress
+
+jobs:
+ dependency-check:
+ strategy:
+ fail-fast: false
+ max-parallel: 15
+ matrix:
+ java: [17]
+ os: [ubuntu-latest]
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: corretto
+ java-version: ${{ matrix.java }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2-
+ - name: Do Maven install
+ shell: bash
+ run: mvn clean install -DskipTests
+ - name: Do the dependency-check:check
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:check -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
+ - name: Do the dependency-check:aggregate
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
+ - name: Convert UTC to East Asia Standard Time and Extract Date
+ run: |
+ utc_time="${{ github.run_started_at }}"
+ target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
+ echo "DATE_EAST_ASIA=$target_time" >> $GITHUB_ENV
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: vulnerability-check-result-${{ runner.os }}-${{ env.DATE_EAST_ASIA }}
+ path: target/dependency-check-report.html
+ retention-days: 15
\ No newline at end of file
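Review bot: The workflow declares no `permissions:` block, so the job that runs `mvn clean install` on the checked-out tree (and every Maven plugin that build pulls in) gets the repository's default GITHUB_TOKEN permissions; add a top-level `permissions:` with `contents: read` so the token can at most read the repository. The two `run:` lines also expand `${{ secrets.OSS_INDEX_USER }}` and `${{ secrets.OSS_INDEX_TOKEN }}` directly into the shell script, which writes the credential into the rendered command and lets any shell metacharacters it contains be interpreted; GitHub's hardening guidance is to map secrets into the step's `env:` and reference them as `"$OSS_INDEX_USER"` / `"$OSS_INDEX_TOKEN"` from the script. The four actions are referenced by floating major tags (`@v4`); pinning them to full commit SHAs is the usual supply-chain hardening for a scheduled job that runs with secrets, if the project's policy allows it. Minor: the file is written without a trailing newline (`\ No newline at end of file`).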
From 44d4712ca483732d5cd0a4cf8944f0563dc9b849 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Sun, 14 Dec 2025 11:31:22 +0800
Subject: [PATCH 02/16] add license
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index 479895a916..acc457422e 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -1,4 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+ name: vulnerability-check + on: + schedule: + # Run at UTC 16:00 every week (CST 00:00 AM)
From e8be3f406d07397a525bdb0d29a776e37058dd91 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Sun, 14 Dec 2025 11:32:10 +0800
Subject: [PATCH 03/16] trigger ci
Signed-off-by: OneSizeFitsQuorum
From 4ee134a445967c6c87678709e6197dcceea7b7f2 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Tue, 16 Dec 2025 23:20:42 +0800
Subject: [PATCH 04/16] fix review
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 12 +++--------
 pom.xml | 5 +++++
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index acc457422e..5a20da8df8 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -33,7 +33,6 @@ jobs:
 dependency-check:
 strategy:
 fail-fast: false
- max-parallel: 15
 matrix:
 java: [17]
 os: [ubuntu-latest]
@@ -46,8 +45,6 @@ jobs:
 with:
 distribution: corretto
 java-version: ${{ matrix.java }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Cache Maven packages
 uses: actions/cache@v4
 with:
@@ -57,20 +54,17 @@ jobs:
 - name: Do Maven install
 shell: bash
 run: mvn clean install -DskipTests
- - name: Do the dependency-check:check
- shell: bash
- run: mvn org.owasp:dependency-check-maven:check -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
 - name: Do the dependency-check:aggregate
 shell: bash
 run: mvn org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
- - name: Convert UTC to East Asia Standard Time and Extract Date
+ - name: Convert UTC to China Standard Time and Extract Date
 run: |
 utc_time="${{ github.run_started_at }}"
 target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
- echo "DATE_EAST_ASIA=$target_time" >> $GITHUB_ENV
+ echo "DATE_SHANGHAI=$target_time" >> $GITHUB_ENV
 - name: Upload Artifact
 uses: actions/upload-artifact@v4
 with:
- name: vulnerability-check-result-${{ runner.os }}-${{ env.DATE_EAST_ASIA }}
+ name: vulnerability-check-result-${{ runner.os }}-${{ env.DATE_SHANGHAI }}
 path: target/dependency-check-report.html
 retention-days: 15
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 27bdd2352b..f1c3c9e1bb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -726,6 +726,11 @@ + + org.owasp + dependency-check-maven + 12.1.9 +
From 741ca7b412ebf1de26a5e55f9221f9fb0f4916ce Mon Sep 17 00:00:00 2001
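Review bot: With only the `aggregate` goal left in the third hunk, nothing in this job ever fails on a finding — unless overridden, dependency-check's `failBuildOnCVSS` threshold defaults to 11 in the plugin versions I know, i.e. never — so vulnerabilities surface only if someone downloads the 15-day artifact from a weekly scheduled run. If the intent is an alerting gate rather than an archive, add a threshold such as `-DfailBuildOnCVSS=7` to the aggregate invocation, paired with a `-DsuppressionFiles=` suppression file so known false positives do not turn the job permanently red; if it is meant as an archive only, a comment above the step saying so would stop the next reader from assuming it gates anything. The `echo "DATE_SHANGHAI=$target_time" >> $GITHUB_ENV` line is safe as written because `github.run_started_at` is runner-supplied rather than user-controlled, though quoting `"$GITHUB_ENV"` is the safer shell habit. The pom.xml hunk's XML tags appear stripped in this rendering, so I can only confirm that it pins `dependency-check-maven` at 12.1.9, which is the right thing to do for a plugin that runs with credentials.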
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:13:52 +0800
Subject: [PATCH 05/16] add MAVEN_ARGS
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index 5a20da8df8..5192d5006a 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -53,10 +53,10 @@ jobs:
 restore-keys: ${{ runner.os }}-m2-
 - name: Do Maven install
 shell: bash
- run: mvn clean install -DskipTests
+ run: mvn $MAVEN_ARGS clean install -DskipTests
 - name: Do the dependency-check:aggregate
 shell: bash
- run: mvn org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
+ run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
 - name: Convert UTC to China Standard Time and Extract Date
 run: |
 utc_time="${{ github.run_started_at }}"
From 6d5e05bd2bd7ac95ac2f458df6021509c447e265 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:23:58 +0800
Subject: [PATCH 06/16] add nvd_key
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index 5192d5006a..f16bd65924 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -56,7 +56,7 @@ jobs:
 run: mvn $MAVEN_ARGS clean install -DskipTests
 - name: Do the dependency-check:aggregate
 shell: bash
- run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }}
+ run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }} -DnvdApiKey=${{ secrets.NVD_API_KEY }}
 - name: Convert UTC to China Standard Time and Extract Date
 run: |
 utc_time="${{ github.run_started_at }}"
From fda5e1ca9e4c1900ff66219d5c0f149dc2537743 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:28:30 +0800
Subject: [PATCH 07/16] add if
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index f16bd65924..bbbd3e8685 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -31,6 +31,7 @@ env:
 jobs:
 dependency-check:
+ if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'apache/ratis' }}
 strategy:
 fail-fast: false
 matrix:
From 7625801d4a2fdec3fe18b53f178bad1580c9d956 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:31:49 +0800
Subject: [PATCH 08/16] remove matrix
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index bbbd3e8685..dcae0d2055 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
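Review bot: The new `-DnvdApiKey=${{ secrets.NVD_API_KEY }}` makes a third secret that is template-expanded into the shell script text before bash runs it: the runner masks the value in the log, but the literal credential is written into the rendered command, and any shell metacharacters in it are interpreted rather than passed through (the OSS Index pair has the same issue). The GitHub-documented fix is to map the secrets into the step's `env:` and reference the shell variables, quoted, from `run:`, as in the rewrite below; the values still reach the JVM's argv, so if the team wants them out of process listings entirely, dependency-check can read OSS Index credentials from a Maven `settings.xml` `<server>` via `ossIndexServerId`, if the pinned plugin version supports that. The `if:` added in the second hunk correctly keeps the cron trigger from firing in forks, but `workflow_dispatch` in a fork still passes the guard with no secrets configured, so all three `-D` values expand to empty strings; I cannot tell from here whether the plugin treats that as anonymous access or as an authentication failure, so it is worth either documenting the expectation in a comment above the `if:` or skipping the flags when the variables are unset.

```yaml
      - name: Do the dependency-check:aggregate
        shell: bash
        env:
          OSS_INDEX_USER: ${{ secrets.OSS_INDEX_USER }}
          OSS_INDEX_TOKEN: ${{ secrets.OSS_INDEX_TOKEN }}
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: >-
          mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate
          -DossIndexUsername="$OSS_INDEX_USER"
          -DossIndexPassword="$OSS_INDEX_TOKEN"
          -DnvdApiKey="$NVD_API_KEY"
```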
@@ -32,40 +32,41 @@ env:
 jobs:
 dependency-check:
 if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'apache/ratis' }}
- strategy:
- fail-fast: false
- matrix:
- java: [17]
- os: [ubuntu-latest]
- runs-on: ${{ matrix.os }}
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - name: Set up JDK ${{ matrix.java }}
+
+ - name: Set up JDK 17
 uses: actions/setup-java@v4
 with:
 distribution: corretto
- java-version: ${{ matrix.java }}
+ java-version: 17
+
 - name: Cache Maven packages
 uses: actions/cache@v4
 with:
 path: ~/.m2
- key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: ${{ runner.os }}-m2-
+ key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ubuntu-latest-m2-
+
 - name: Do Maven install
 shell: bash
 run: mvn $MAVEN_ARGS clean install -DskipTests
+
 - name: Do the dependency-check:aggregate
 shell: bash
 run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }} -DnvdApiKey=${{ secrets.NVD_API_KEY }}
+
 - name: Convert UTC to China Standard Time and Extract Date
 run: |
 utc_time="${{ github.run_started_at }}"
 target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
 echo "DATE_SHANGHAI=$target_time" >> $GITHUB_ENV
+
 - name: Upload Artifact
 uses: actions/upload-artifact@v4
 with:
- name: vulnerability-check-result-${{ runner.os }}-${{ env.DATE_SHANGHAI }}
+ name: vulnerability-check-result-${{ env.DATE_SHANGHAI }}
 path: target/dependency-check-report.html
 retention-days: 15
\ No newline at end of file
From f92bf43739f59f50cd6827625eb929eeedd377d4 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:51:07 +0800
Subject: [PATCH 09/16] remove cache
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index dcae0d2055..a3da60582f 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -43,13 +43,6 @@ jobs:
 distribution: corretto
 java-version: 17
- - name: Cache Maven packages
- uses: actions/cache@v4
- with:
- path: ~/.m2
- key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: ubuntu-latest-m2-
-
 - name: Do Maven install
 shell: bash
 run: mvn $MAVEN_ARGS clean install -DskipTests
From 7e338c432f9a6ef4ecfa85e9a3fbd95e3bf7bb09 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 22:55:59 +0800
Subject: [PATCH 10/16] use jdk11
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index a3da60582f..c3fefe106c 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -37,11 +37,11 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + name: Set up JDK 11 uses: actions/setup-java@v4 with: distribution: corretto - java-version: 17 + java-version: 11 - name: Do Maven install shell: bash
From fbb3318c5e322168f3b66064bf205befc951e28a Mon Sep 17 00:00:00 2001
From: Potato
Date: Wed, 17 Dec 2025 23:04:23 +0800
Subject: [PATCH 11/16] Update pom.xml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index f1c3c9e1bb..41c32c7c24 100644
--- a/pom.xml
+++ b/pom.xml
@@ -726,11 +726,11 @@ - + org.owasp dependency-check-maven 12.1.9 - +
From 9d979efd9a4317df75e7b11db88a55870050a29a Mon Sep 17 00:00:00 2001
From: Potato
Date: Wed, 17 Dec 2025 23:04:31 +0800
Subject: [PATCH 12/16] Update .github/workflows/vulnerability-check.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/vulnerability-check.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index c3fefe106c..96c8ffd575 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -36,7 +36,6 @@ jobs:
 steps:
 - uses: actions/checkout@v4
-
 - name: Set up JDK 11
 uses: actions/setup-java@v4
 with:
From b0a400a0d77dbd288997a438bbc103488417c992 Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 23:16:57 +0800
Subject: [PATCH 13/16] fix
Signed-off-by: OneSizeFitsQuorum
---
 .github/workflows/vulnerability-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
index 96c8ffd575..45968369d9 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yml
@@ -17,7 +17,7 @@ name: vulnerability-check
 on:
 schedule:
- # Run at UTC 16:00 every week (CST 00:00 AM)
+ # Run at UTC 16:00 every week (CST 00:00)
 - cron: "0 16 * * 0"
 workflow_dispatch:
From 63bf303bbf6a56cd1919239f8c65240835c7d76b Mon Sep 17 00:00:00 2001
From: OneSizeFitsQuorum
Date: Wed, 17 Dec 2025 23:32:40 +0800
Subject: [PATCH 14/16] fix
Signed-off-by: OneSizeFitsQuorum
---
 .../{vulnerability-check.yml => vulnerability-check.yaml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .github/workflows/{vulnerability-check.yml => vulnerability-check.yaml} (97%)
diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yaml
similarity index 97%
rename from .github/workflows/vulnerability-check.yml
rename to .github/workflows/vulnerability-check.yaml
index 45968369d9..35991681ec 100644
--- a/.github/workflows/vulnerability-check.yml
+++ b/.github/workflows/vulnerability-check.yaml
@@ -17,7 +17,7 @@ name: vulnerability-check
 on:
 schedule:
- # Run at UTC 16:00 every week (CST 00:00)
+ # Run at 16:00 UTC every Sunday (Monday 00:00 CST)
 - cron: "0 16 * * 0"
 workflow_dispatch:
From f7d5cbe0a1752b4bd255a65a9e9959c2f2521bf9 Mon Sep 17 00:00:00 2001
From: Potato
Date: Wed, 17 Dec 2025 23:36:16 +0800
Subject: [PATCH 15/16] Update .github/workflows/vulnerability-check.yaml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/vulnerability-check.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vulnerability-check.yaml b/.github/workflows/vulnerability-check.yaml
index 35991681ec..73ad2cc25a 100644
--- a/.github/workflows/vulnerability-check.yaml
+++ b/.github/workflows/vulnerability-check.yaml
@@ -54,11 +54,11 @@ jobs:
 run: |
 utc_time="${{ github.run_started_at }}"
 target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
- echo "DATE_SHANGHAI=$target_time" >> $GITHUB_ENV
+ echo "REPORT_DATE=$target_time" >> $GITHUB_ENV
 - name: Upload Artifact
 uses: actions/upload-artifact@v4
 with:
- name: vulnerability-check-result-${{ env.DATE_SHANGHAI }}
+ name: vulnerability-check-result-${{ env.REPORT_DATE }}
 path: target/dependency-check-report.html
 retention-days: 15
\ No newline at end of file
From 122847bc759ae96ce086dc495f34d13e33899116 Mon Sep 17 00:00:00 2001
From: Potato
Date: Wed, 17 Dec 2025 23:36:26 +0800
Subject: [PATCH 16/16] Update .github/workflows/vulnerability-check.yaml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/vulnerability-check.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/vulnerability-check.yaml b/.github/workflows/vulnerability-check.yaml
index 73ad2cc25a..49d4fa80ac 100644
--- a/.github/workflows/vulnerability-check.yaml
+++ b/.github/workflows/vulnerability-check.yaml
@@ -50,7 +50,7 @@ jobs:
 shell: bash
 run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }} -DnvdApiKey=${{ secrets.NVD_API_KEY }}
- - name: Convert UTC to China Standard Time and Extract Date
+ - name: Generate report date for artifact name
 run: |
 utc_time="${{ github.run_started_at }}"
 target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")