Implement Maven dependency checker

2023-01-16 05:24:40 +01:00 · 2023-01-16 05:24:40 +01:00 · 4f615378a6
commit 4f615378a6
parent 118979bde4
2 changed files with 21 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -25,6 +25,12 @@ steps:
    commands:
      - mvn test --no-transfer-progress -B -V

+  # check maven dependencies
+  - name: dependency-check
+    image: maven:3-eclipse-temurin-16
+    commands:
+      - mvn dependency-check:check --no-transfer-progress -B -V
+
  # run code analysis
  - name: code-analysis
    image: maven:3-eclipse-temurin-16
--- a/pom.xml
+++ b/pom.xml
@ -12,6 +12,9 @@
        <maven.compiler.source>16</maven.compiler.source>
        <maven.compiler.target>16</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <sonar.dependencyCheck.htmlReportPath>./target/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
+        <sonar.dependencyCheck.jsonReportPath>./target/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
+        <sonar.dependencyCheck.summarize>true</sonar.dependencyCheck.summarize>
    </properties>

    <dependencies>
@ -138,6 +141,18 @@
                <version>3.9.1.2184</version>
            </plugin>

+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>8.0.0</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>json</format>
+                    </formats>
+                </configuration>
+            </plugin>
+
        </plugins>
    </build>