jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Home Page: https://owasp.org/www-project-dependency-check/

9.0.9 and NVD Api Key producing errors over hours of processing with dependency-check-ant

mebigfatguy opened this issue · comments

I have tried upgrading from 8.4.3 to 9.0.9, and see the note about the NVD API key. I have acquired a key for our installation and have added it to the Ant target. Now when dependency check runs I get hundreds of lines such as

    [dependency-check] NVD API request failures are occurring; retrying request for the 10 time
    [2024-02-15T00:09:43.001Z] [dependency-check] Recoverable I/O exception (java.net.SocketException) caught when processing request to {s}->https://services.nvd.nist.gov:443

Is there anything else that needs doing besides adding the

<dependency-check .... nvdApiKey="${nvd.key}" .. />

?

I get that via

    <property url="http://maven.us.acme.com:8080/archiva/repository/internal/com/acme/cegbu/nvd/nvd-api-key/24.4/nvd-api-key-24.4.properties"/>
    
and when I <echo message="${nvd.key}"/> it is correct

Do you use a proxy? If so, you should set the https proxy information via the environment setting JAVA_TOOL_OPTIONS. The command line parameter doesn't work anymore since it is an https connection now.
I use:

    JAVA_TOOL_OPTIONS=-Dhttps.proxyHost=xxx -Dhttps.proxyPort=8080 -Dhttp.proxyHost=xxx -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost|.xxx.nl|.intern
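The proxy setup suggested in the reply above, written as a shell helper. This is an added example, not code from the thread or from the dependency-check project; the function name, proxy host, port and bypass list are constructed placeholders.

```shell
#!/bin/sh
# Added example: compose JAVA_TOOL_OPTIONS for a JVM that must reach
# services.nvd.nist.gov through a proxy. All host names are placeholders.

# build_proxy_opts HOST PORT [NON_PROXY_HOSTS]
# Prints the -D flags for the https.* and http.* proxy system properties.
build_proxy_opts() {
    host=$1
    port=$2
    bypass=${3:-}
    # An empty host, or one containing a space, would break the option string.
    case $host in
        ''|*' '*) echo "invalid proxy host" >&2; return 1 ;;
    esac
    # The port must consist of digits only and lie in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid proxy port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid proxy port" >&2
        return 1
    }
    opts="-Dhttps.proxyHost=$host -Dhttps.proxyPort=$port"
    opts="$opts -Dhttp.proxyHost=$host -Dhttp.proxyPort=$port"
    # http.nonProxyHosts applies to HTTP and HTTPS alike; entries are
    # separated by '|'.
    if [ -n "$bypass" ]; then
        case $bypass in
            *' '*) echo "invalid nonProxyHosts" >&2; return 1 ;;
        esac
        opts="$opts -Dhttp.nonProxyHosts=$bypass"
    fi
    printf '%s\n' "$opts"
}

# Usage (the single quotes stop the shell from treating '|' as a pipe):
#   JAVA_TOOL_OPTIONS=$(build_proxy_opts proxy.example.internal 8080 \
#       'localhost|*.example.internal') || exit 1
#   export JAVA_TOOL_OPTIONS
#   ant <your-dependency-check-target>
```

When the variable is set, the JVM prints a "Picked up JAVA_TOOL_OPTIONS" line at startup, which confirms the Ant process actually received the proxy settings.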