This project is a quick demonstration of how to use the OWASP Dependency Check Maven plugin.
Add the plugin to your project's pom.xml and configure it as you need. In this case, we want the pipeline to fail if any dependency carries a vulnerability with a CVSS score >= 7.
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>6.5.0</version>
      <configuration>
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <suppressionFiles>
          <suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
    </plugin>
  </plugins>
</build>
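The configuration above references owasp-dependency-check-suppressions.xml but the page does not show it; the following is an added example of such a suppression file (not this project's own file) that suppresses one CVE for one artifact, with a justification and an expiry so the decision gets re-evaluated. The package coordinates, the CVE id and the expiry date are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example of owasp-dependency-check-suppressions.xml. The package
     coordinates, CVE id and expiry date below are placeholders, not values
     from this project. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- Suppress exactly one CVE for exactly one artifact. The "until" date
       makes the suppression expire, so the finding resurfaces and has to be
       reviewed again instead of being hidden forever. -->
  <suppress until="2099-01-01Z">
    <notes><![CDATA[
      False positive (placeholder): CVE-XXXX-XXXXX concerns a module of
      com.example:some-library that this project does not use.
      Reviewed by: <owner>, tracking ticket: <ticket-id>.
    ]]></notes>
    <!-- Match the artifact by package URL; regex="true" lets the rule
         survive version bumps of the same artifact. -->
    <packageUrl regex="true">^pkg:maven/com\.example/some-library@.*$</packageUrl>
    <cve>CVE-XXXX-XXXXX</cve>
  </suppress>

  <!-- Counter-example, kept commented out: a blanket rule like this one
       hides every finding under the failBuildOnCVSS threshold for every
       dependency and defeats the gate configured in the pom. -->
  <!--
  <suppress>
    <packageUrl regex="true">^pkg:maven/.*$</packageUrl>
    <cvssBelow>7</cvssBelow>
  </suppress>
  -->
</suppressions>
```

Each suppression should name a single artifact and a single finding; anything broader should be a conscious, documented exception rather than the default.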
If you want to start the dependency check, just launch the following command:
mvn dependency-check:check
Once it finishes, the report with the results is generated inside the target folder, and the build fails if any finding reaches the configured CVSS threshold.