pipeline {
    agent any

    stages {
        stage('Security Scan') {
            steps {
                withCredentials([string(credentialsId: 'nvd-api-key', variable: 'NVD_API_KEY')]) {
                    // Run OWASP Dependency Check using the specific installation configured in Jenkins
                    // Using NVD API Key to avoid rate limiting
                    dependencyCheck additionalArguments: "--scan ./ --format ALL --nvdApiKey ${NVD_API_KEY}", odcInstallation: 'depcheck'
                }
            }
        }
    }

    post {
        always {
            // Publish the results
            dependencyCheckPublisher pattern: 'dependency-check-report.xml'
            
            // Archive the reports
            archiveArtifacts allowEmptyArchive: true, artifacts: 'dependency-check-report.html'
        }
    }
}