diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2032b5a..0506b15 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,3 +20,6 @@ jobs: - name: Build with Gradle run: ./gradlew build + + - name: Check for security vulnerabilities + run: ./gradlew dependencyCheckAnalyze --nvdApiKey ${{ secrets.NVD_API_KEY }} diff --git a/.gitignore b/.gitignore index 514bf29..ff717ff 100644 --- a/.gitignore +++ b/.gitignore @@ -224,3 +224,4 @@ gradle-app.setting # My stuff 🙂 pullpitoK.build_artifacts.txt +/dependency-check-report.html diff --git a/build.gradle.kts b/build.gradle.kts index 86ea326..068fea3 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -7,6 +7,7 @@ plugins { id("com.adarshr.test-logger") version "4.0.0" id("com.diffplug.spotless") version "6.25.0" id("org.sonarqube") version "4.4.1.3373" + id("org.owasp.dependencycheck") version "9.1.0" apply false application } @@ -18,6 +19,7 @@ repositories { dependencies { implementation("com.fasterxml.jackson.core:jackson-databind:2.17.0") implementation("org.jetbrains.kotlin:kotlin-stdlib") + implementation("org.owasp:dependency-check-gradle:9.1.0") testImplementation("org.jetbrains.kotlin:kotlin-test") testImplementation("org.jetbrains.kotlin:kotlin-test-junit") testImplementation("com.github.tomakehurst:wiremock-jre8:3.0.1") @@ -79,3 +81,11 @@ tasks.register("uberJar") { configurations.runtimeClasspath.get().filter { it.name.endsWith("jar") }.map { zipTree(it) } }) } + +allprojects { + apply(plugin = "org.owasp.dependencycheck") +} + +configure { + format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString() +} \ No newline at end of file