diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index fce676d5c..cb4f530e1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -200,6 +200,7 @@ jobs:
run: >-
./mvnw
-B
+ -Pdependency-scan
-T8
-U
--no-transfer-progress
@@ -211,3 +212,12 @@ jobs:
-Dmaven.test.skip
-Dmaven.wagon.httpconnectionManager.ttlSeconds=120
verify
+
+ - name: Archive Dependency Scan reports
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: dependency-scan-report
+ path: |
+ **/target/dependency-check-report.html
+ retention-days: 30
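Review bot: `actions/upload-artifact@v3` is referenced by a mutable tag, so every run of this workflow resolves the action afresh and a compromised or force-moved tag would run unreviewed code with the job's token; for a step added as part of a security-scanning change it should be pinned to a full commit SHA, e.g. `uses: actions/upload-artifact@<40-hex-sha>  # v3.x.y`, and kept current by Dependabot/Renovate. The `if: always()` condition also fires when the job is cancelled; `if: ${{ !cancelled() }}` keeps the "upload the report even if the scan failed" behaviour without uploading on cancellation. The report is only an artifact here, not a gate — whether the scan actually fails the build depends on the plugin's CVSS threshold in pom.xml, which this step does not control. The enclosing job definition starts above this hunk.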
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 9df03a498..bf453d5a6 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -145,6 +145,7 @@ jobs:
run: >-
./mvnw
-B
+ -Pdependency-scan
-T8
-U
--no-transfer-progress
@@ -156,3 +157,12 @@ jobs:
-Dmaven.test.skip
-Dmaven.wagon.httpconnectionManager.ttlSeconds=120
verify
+
+ - name: Archive Dependency Scan reports
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: dependency-scan-report
+ path: |
+ **/target/dependency-check-report.html
+ retention-days: 30
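Review bot: The same unpinned `actions/upload-artifact@v3` reference appears here as in main.yml; pin it to a commit SHA (`uses: actions/upload-artifact@<40-hex-sha>  # v3.x.y`) so a moved tag cannot change what runs on pull requests, where the workflow is most exposed to untrusted input. If this job is ever run in a matrix, the fixed artifact name `dependency-scan-report` will collide across matrix entries; suffixing it with the matrix variable avoids that. Consider `if: ${{ !cancelled() }}` instead of `always()` so a cancelled PR run does not upload a partial report. The enclosing job definition starts above this hunk.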
diff --git a/acceptance-tests/pom.xml b/acceptance-tests/pom.xml
index f98db9b09..04c190b6f 100644
--- a/acceptance-tests/pom.xml
+++ b/acceptance-tests/pom.xml
@@ -33,6 +33,7 @@
true
true
true
+ true
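Review bot: This adds a module-level override that (judging by the `${skip-dependency-scan}` property consumed by the `dependency-scan` profile in the root pom; the element name is lost in this rendering) turns the dependency scan off for `acceptance-tests`, and nothing records why. A one-line XML comment such as `<!-- dependency-check skipped: test-only module, dependencies are covered by the root scan -->` above the property would stop the next reader from assuming the opt-out is accidental, and makes the decision auditable. If the module pulls in dependencies that no other module has, the skip leaves them unscanned.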
diff --git a/java-compiler-testing/security-suppressions.xml b/java-compiler-testing/security-suppressions.xml
new file mode 100644
index 000000000..06f45d44d
--- /dev/null
+++ b/java-compiler-testing/security-suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
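Review bot: The new suppressions file is an empty skeleton with no guidance on how entries should be written, and an unqualified suppression is the easiest way to silently hide a real finding. An XML comment at the top stating the house rule would help: each `<suppress>` must carry a `<notes>` block explaining why the CVE does not apply (false positive on a CPE match, or code path not reachable) and an `until="YYYY-MM-DD"` attribute so the suppression expires and is re-evaluated rather than living forever. Element names are not visible in this rendering, so this is a documentation suggestion only.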
diff --git a/pom.xml b/pom.xml
index cd1e1b6c9..d98eceefc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,6 +57,7 @@
2.0.4
+ 7.3.2
2.1.0
0.8.8
4.1
@@ -87,11 +88,14 @@
-Xshare:off
+
+ false
+
UTF-8
-
+
https://github.com/ascopes
${project.organization.url}/java-compiler-testing
@@ -184,49 +188,6 @@
-
-
- org.codehaus.gmavenplus
- gmavenplus-plugin
- ${gmaven-plugin.version}
-
-
-
-
- addSources
- addTestSources
- compile
- compileTests
-
-
-
-
-
-
-
- org.jacoco
- jacoco-maven-plugin
- ${jacoco-maven-plugin.version}
-
-
-
- add-coverage-agent-to-surefire-args
- initialize
-
- prepare-agent
-
-
-
-
- report-coverage
- test
-
- report
-
-
-
-
-
org.apache.maven.plugins
@@ -281,7 +242,8 @@
https://docs.oracle.com/en/java/javase/11/docs/api
https://javadoc.io/doc/com.google.jimfs/jimfs/${jimfs.version}
https://javadoc.io/doc/com.google.code.findbugs/jsr305/${jsr305.version}
- https://javadoc.io/doc/org.apiguardian/apiguardian-api/${apiguardian.version}
+ https://javadoc.io/doc/org.apiguardian/apiguardian-api/${apiguardian.version}
+
https://javadoc.io/doc/org.assertj/assertj-core/${assertj.version}
https://javadoc.io/doc/org.slf4j/slf4j-api/${slf4j.version}
https://junit.org/junit5/docs/${junit.version}/api
@@ -331,6 +293,49 @@
+
+
+
+ org.codehaus.gmavenplus
+ gmavenplus-plugin
+ ${gmaven-plugin.version}
+
+
+
+
+ addSources
+ addTestSources
+ compile
+ compileTests
+
+
+
+
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+ ${jacoco-maven-plugin.version}
+
+
+
+ add-coverage-agent-to-surefire-args
+ initialize
+
+ prepare-agent
+
+
+
+
+ report-coverage
+ test
+
+ report
+
+
+
+
@@ -416,5 +421,40 @@
false
+
+
+ dependency-scan
+
+
+
+ org.owasp
+ dependency-check-maven
+ ${dependencycheck.version}
+
+
+ true
+
+ html
+ junit
+
+
+ ${skip-dependency-scan}
+ true
+ ${project.basedir}/security-suppressions.xml
+
+
+
+
+ dependency-scan
+ verify
+
+ check
+
+
+
+
+
+
+
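Review bot: No CVSS failure threshold is visible in the `dependency-check-maven` configuration of the `dependency-scan` profile (element names are stripped in this rendering, so confirm against the file); without `failBuildOnCVSS` the `check` goal defaults to a threshold that never fails the build, which turns the scan into a report-only step even though it is bound to `verify`. Add `<failBuildOnCVSS>7</failBuildOnCVSS>` (or whatever severity the project is willing to block on) so that high-severity findings actually gate the build, and document the chosen value in an XML comment. The suppressions file is resolved per module via `${project.basedir}/security-suppressions.xml`, so every module that runs the scan needs its own file, or the path should point at the root file with `${maven.multiModuleProjectDirectory}`. The enclosing `<profiles>` element begins outside this hunk.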
diff --git a/security-suppressions.xml b/security-suppressions.xml
new file mode 100644
index 000000000..06f45d44d
--- /dev/null
+++ b/security-suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
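Review bot: As with the module-level copy, this root suppressions file has no comment describing what a valid entry looks like, and the two files appear to be identical skeletons (same blob hash `06f45d44d` in both headers). A header comment along the lines of `<!-- every <suppress> needs <notes> with a justification and an until="YYYY-MM-DD" expiry -->` keeps suppressions reviewable and time-boxed. If only the root file is meant to be authoritative, say so here so the per-module copies are not edited independently.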