For the first problem the first option can be by separating OWASP Dependency Check from the main pipeline and running it in a scheduled job because it adds a long extra time as it downloads and scans the historical dependency database. Along with that using CICD tool's caching mechanism depending on the tool such as Gitlab's CodeCommit's caching mechanisms.
Together with the first option can be done by separating the build step from unit tests and coverage so the team can get faster feedback and can focus on debugging the step thats causing the problem. Also, depending on the stage the project is at, unit tests can be entirely avoided if there are frequent rewrites in the code and the team needs much faster feedback. Therefore it can be implemented until the code is ready enough to face unit tests and follow test-driven dev process.
Also, security and integration test shouldn't come before unit tests as they're the most basic ones. Also its a good appraoch to run code q