update CI to more efficient CVE checking

.github/workflows/ci.yml

@@ -2,9 +2,13 @@ name: Slipway Test
 
 on: [push]
 
+env: # runner has 7g of ram
+  JVM_OPTS: -Xmx6G
+
 jobs:
 
-  clojure:
+  build:
+
     runs-on: ubuntu-latest 
 
     strategy:
@@ -31,7 +35,7 @@ jobs:
           java-version: '11'
 
       - name: Install clojure tools
-        uses: DeLaGuardo/setup-clojure@12.3
+        uses: DeLaGuardo/setup-clojure@13.0
         with:
           lein: 'latest' 
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -55,10 +59,19 @@ jobs:
       - name: Uberjar
         working-directory: ./${{ matrix.project }}
         run: lein uberjar
-
+      
       - name: NVD
-        working-directory: ./${{ matrix.project }}
-        run: ../scripts/dependency-checker.sh
+        uses: dependency-check/Dependency-Check_Action@main
+        env:
+          # actions/setup-java changes JAVA_HOME so it needs to be reset to match the depcheck image
+          JAVA_HOME: /opt/jdk
+        with:
+          project: ${{ matrix.project }}
+          path: ./target
+          format: 'HTML'
+          out: 'reports'
+          args: >
+            --suppression ./dependency-check-suppressions.xml
 
       - name: Persist NVD
         if: always()