Check for security vulnerabilities

Use Gradle dependency-check plugin to check for security vulnerabilities. Command: ./gradlew dependencyCheckAnalyze Documentation: https://jeremylong.github.io/DependencyCheck/dependency-check-cli https://github.com/dependency-check/dependency-check-gradle
nicokosi · Nov 4, 2024 · 7a6800a · 7a6800a
1 parent 62546e5
commit 7a6800a
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,3 +20,6 @@ jobs:
 
       - name: Build with Gradle
         run: ./gradlew build
+
+      - name: Check for security vulnerabilities
+        run: ./gradlew dependencyCheckAnalyze --nvdApiKey ${{ secrets.NVD_API_KEY }}
diff --git a/.gitignore b/.gitignore
@@ -224,3 +224,4 @@ gradle-app.setting
 
 # My stuff 🙂
 pullpitoK.build_artifacts.txt
+/dependency-check-report.html
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -7,6 +7,7 @@ plugins {
     id("com.adarshr.test-logger") version "4.0.0"
     id("com.diffplug.spotless") version "6.25.0"
     id("org.sonarqube") version "5.1.0.4882"
+    id("org.owasp.dependencycheck") version "9.1.0" apply false
     application
 }
 
@@ -18,6 +19,7 @@ repositories {
 dependencies {
     implementation("com.fasterxml.jackson.core:jackson-databind:2.17.2")
     implementation("org.jetbrains.kotlin:kotlin-stdlib")
+    implementation("org.owasp:dependency-check-gradle:9.1.0")
     testImplementation("org.jetbrains.kotlin:kotlin-test")
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit")
     testImplementation("com.github.tomakehurst:wiremock-jre8:3.0.1")
@@ -79,3 +81,11 @@ tasks.register<Jar>("uberJar") {
         configurations.runtimeClasspath.get().filter { it.name.endsWith("jar") }.map { zipTree(it) }
     })
 }
+
+allprojects {
+    apply(plugin = "org.owasp.dependencycheck")
+}
+
+configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
+    format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString()
+}