From 4f615378a6fbbfab6bedf91d312a03eeb3241706 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beatrice=20Dellac=C3=A0?= <hello@beatrice.wtf>
Date: Mon, 16 Jan 2023 05:24:40 +0100
Subject: [PATCH] Implement Maven dependency checker

---
 .drone.yml |  6 ++++++
 pom.xml    | 15 +++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index dcd53b0..e29ea3e 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -25,6 +25,12 @@ steps:
     commands:
       - mvn test --no-transfer-progress -B -V
 
+  # check maven dependencies
+  - name: dependency-check
+    image: maven:3-eclipse-temurin-16
+    commands:
+      - mvn dependency-check:check --no-transfer-progress -B -V
+
   # run code analysis
   - name: code-analysis
     image: maven:3-eclipse-temurin-16
diff --git a/pom.xml b/pom.xml
index 6b28781..1b177dd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,6 +12,9 @@
         <maven.compiler.source>16</maven.compiler.source>
         <maven.compiler.target>16</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <sonar.dependencyCheck.htmlReportPath>./target/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
+        <sonar.dependencyCheck.jsonReportPath>./target/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
+        <sonar.dependencyCheck.summarize>true</sonar.dependencyCheck.summarize>
     </properties>
 
     <dependencies>
@@ -138,6 +141,18 @@
                 <version>3.9.1.2184</version>
             </plugin>
 
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>8.0.0</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>json</format>
+                    </formats>
+                </configuration>
+            </plugin>
+
         </plugins>
     </build>