OWASP Dependency Check

This project is a quick demonstration of how to use the OWASP Dependency Check plugin.

Configure the plugin

Import the dependency in your project and configure it as you want. In this case, we want the pipelines to fail if any vulnerability with a score CVSS >= 7.

<build>
    <plugins>
        <plugin>
            <groupId>org.owasp</groupId>
            <artifactId>dependency-check-maven</artifactId>
            <version>6.5.0</version>
            <configuration>
                <failBuildOnCVSS>7</failBuildOnCVSS>
                <suppressionFiles>
                    <suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
                </suppressionFiles>
            </configuration>
        </plugin>
    </plugins>
</build>

How to execute

If you want to start the depenency check, just launch the following command:

mvn dependency-check:check

Once it finishes, the report with the results will be generated inside the target folder.

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
.mvn/wrapper		.mvn/wrapper
src		src
.gitignore		.gitignore
Jenkinsfile		Jenkinsfile
README.md		README.md
mvnw		mvnw
mvnw.cmd		mvnw.cmd
owasp-dependency-check-suppressions.xml		owasp-dependency-check-suppressions.xml
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.mvn/wrapper

.mvn/wrapper

src

src

.gitignore

.gitignore

Jenkinsfile

Jenkinsfile

README.md

README.md

mvnw

mvnw

mvnw.cmd

mvnw.cmd

owasp-dependency-check-suppressions.xml

owasp-dependency-check-suppressions.xml

pom.xml

pom.xml

Repository files navigation

OWASP Dependency Check

Configure the plugin

How to execute

About

Releases

Packages

Languages

binary-mindset/demo-owasp-check

Folders and files

Latest commit

History

Repository files navigation

OWASP Dependency Check

Configure the plugin

How to execute

About

Resources

Stars

Watchers

Forks

Languages