Implement Maven dependency checker

.drone.yml

@@ -25,6 +25,12 @@ steps:
     commands:
       - mvn test --no-transfer-progress -B -V
 
+  # check maven dependencies
+  - name: dependency-check
+    image: maven:3-eclipse-temurin-16
+    commands:
+      - mvn dependency-check:check --no-transfer-progress -B -V
+
   # run code analysis
   - name: code-analysis
     image: maven:3-eclipse-temurin-16

pom.xml

@@ -12,6 +12,9 @@
         <maven.compiler.source>16</maven.compiler.source>
         <maven.compiler.target>16</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <sonar.dependencyCheck.htmlReportPath>./target/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
+        <sonar.dependencyCheck.jsonReportPath>./target/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
+        <sonar.dependencyCheck.summarize>true</sonar.dependencyCheck.summarize>
     </properties>
 
     <dependencies>
@@ -138,6 +141,18 @@
                 <version>3.9.1.2184</version>
             </plugin>
 
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>8.0.0</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>json</format>
+                    </formats>
+                </configuration>
+            </plugin>
+
         </plugins>
     </build>