When using an external DB such as MSSQL (in my case) for the CVE cache, is it possible to use integrated security, where the user executing the process is used to authenticate to the DB, instead of explicitly defining a user/password to use for authentication? As far as I can tell, if the user/password is not explicitly set, it will default to the dcuser and hard-coded password specified in
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory - am I missing something?
(not entirely sure, but based on some of the stuff I found on stackoverflow, this may be a limitation of the MS provided MSSQL JDBC driver itself ...)
Thanks!