From b5cfc24e7605f122ec069e5bdcbc7a3278dc4303 Mon Sep 17 00:00:00 2001 From: Nicolas Kosinski Date: Thu, 2 May 2024 05:55:01 +0200 Subject: [PATCH] Check for security vulnerabilities Use Gradle dependency-check plugin to check for security vulnerabilities. Command: ./gradlew dependencyCheckAnalyze Documentation: https://jeremylong.github.io/DependencyCheck/dependency-check-cli https://github.com/dependency-check/dependency-check-gradle --- .github/workflows/ci.yml | 3 +++ .gitignore | 1 + build.gradle.kts | 10 ++++++++++ 3 files changed, 14 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2032b5a..0506b15 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,3 +20,6 @@ jobs: - name: Build with Gradle run: ./gradlew build + + - name: Check for security vulnerabilities + run: ./gradlew dependencyCheckAnalyze --nvdApiKey ${{ secrets.NVD_API_KEY }} diff --git a/.gitignore b/.gitignore index 514bf29..ff717ff 100644 --- a/.gitignore +++ b/.gitignore @@ -224,3 +224,4 @@ gradle-app.setting # My stuff 🙂 pullpitoK.build_artifacts.txt +/dependency-check-report.html diff --git a/build.gradle.kts b/build.gradle.kts index 86ea326..068fea3 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -7,6 +7,7 @@ plugins { id("com.adarshr.test-logger") version "4.0.0" id("com.diffplug.spotless") version "6.25.0" id("org.sonarqube") version "4.4.1.3373" + id("org.owasp.dependencycheck") version "9.1.0" apply false application } @@ -18,6 +19,7 @@ repositories { dependencies { implementation("com.fasterxml.jackson.core:jackson-databind:2.17.0") implementation("org.jetbrains.kotlin:kotlin-stdlib") + implementation("org.owasp:dependency-check-gradle:9.1.0") testImplementation("org.jetbrains.kotlin:kotlin-test") testImplementation("org.jetbrains.kotlin:kotlin-test-junit") testImplementation("com.github.tomakehurst:wiremock-jre8:3.0.1") @@ -79,3 +81,11 @@ tasks.register("uberJar") { configurations.runtimeClasspath.get().filter { it.name.endsWith("jar") }.map { zipTree(it) } }) } + +allprojects { + apply(plugin = "org.owasp.dependencycheck") +} + +configure { + format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString() +} \ No newline at end of file