Replaced OWASP Dependency Check with Sonatype and it worked flawlessly. Sonatype previously allowed for anonymous request for CVE scans but these days, one needs to create an account and create a user token. So basically, pom updates only.
Run mvn verify to scan the project. Ended up with 17 CVE vulnerability findings. Excluded tests related dependencies and the findings went down a few. Upgraded to Spring Boot 3.5.15 removed almost all the CVE vulnerability findings and finally upgraded logback version.The cvss score threshold used is 7.
Made a latest stable release.