From 72ac61300d436c1e1a611e2e5bb887f233e42cbb Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 8 Oct 2024 14:10:00 +0200
Subject: [PATCH] document OWASP_API_KEY

---
 README.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e1d1515b..308d5c51 100644
--- a/README.md
+++ b/README.md
@@ -497,9 +497,19 @@ We'll see if this changes when the project progresses and more validations are a
 
 ### OWASP Security Vulnerability Check
 
-An OWASP security vulnerability is configured and can be utilized by running:
+An OWASP security vulnerability is configured, but you need an API key.
+Fetch it from https://nvd.nist.gov/developers/request-an-api-key.
+
+Then add it to your `~/.gradle/gradle.properties` file:
+
+```
+OWASP_API_KEY=........-....-....-....-............
+```
+
+Now you can run the dependency vulnerability check:
 
 ```shell
+gw dependencyCheckUpdate
 gw dependencyCheckAnalyze
 ```