From 7a6800a20af6a66196522936d9e40f1013fe9649 Mon Sep 17 00:00:00 2001
From: Nicolas Kosinski <nicokosi@users.noreply.github.com>
Date: Thu, 2 May 2024 05:55:01 +0200
Subject: [PATCH] Check for security vulnerabilities

Use Gradle dependency-check plugin to check for security
vulnerabilities.

Command:

   ./gradlew dependencyCheckAnalyze

Documentation:
https://jeremylong.github.io/DependencyCheck/dependency-check-cli
https://github.com/dependency-check/dependency-check-gradle
---
 .github/workflows/ci.yml |  3 +++
 .gitignore               |  1 +
 build.gradle.kts         | 10 ++++++++++
 3 files changed, 14 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb10ddc..7c84c73 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,3 +20,6 @@ jobs:
 
       - name: Build with Gradle
         run: ./gradlew build
+
+      - name: Check for security vulnerabilities
+        run: ./gradlew dependencyCheckAnalyze --nvdApiKey ${{ secrets.NVD_API_KEY }}
diff --git a/.gitignore b/.gitignore
index 514bf29..ff717ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -224,3 +224,4 @@ gradle-app.setting
 
 # My stuff 🙂
 pullpitoK.build_artifacts.txt
+/dependency-check-report.html
diff --git a/build.gradle.kts b/build.gradle.kts
index 438b1ba..535224f 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -7,6 +7,7 @@ plugins {
     id("com.adarshr.test-logger") version "4.0.0"
     id("com.diffplug.spotless") version "6.25.0"
     id("org.sonarqube") version "5.1.0.4882"
+    id("org.owasp.dependencycheck") version "9.1.0" apply false
     application
 }
 
@@ -18,6 +19,7 @@ repositories {
 dependencies {
     implementation("com.fasterxml.jackson.core:jackson-databind:2.17.2")
     implementation("org.jetbrains.kotlin:kotlin-stdlib")
+    implementation("org.owasp:dependency-check-gradle:9.1.0")
     testImplementation("org.jetbrains.kotlin:kotlin-test")
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit")
     testImplementation("com.github.tomakehurst:wiremock-jre8:3.0.1")
@@ -79,3 +81,11 @@ tasks.register<Jar>("uberJar") {
         configurations.runtimeClasspath.get().filter { it.name.endsWith("jar") }.map { zipTree(it) }
     })
 }
+
+allprojects {
+    apply(plugin = "org.owasp.dependencycheck")
+}
+
+configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
+    format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString()
+}