From 36f32850a103b7ce929c4a9e345d8eda0bbd461e Mon Sep 17 00:00:00 2001
From: John Leacox <johnlcox@users.noreply.github.com>
Date: Mon, 29 Jan 2018 09:24:50 -0600
Subject: [PATCH] Add dependency-check plugin (#80)

---
 dependency-check-suppressions.xml | 19 ++++++++++++++
 pom.xml                           | 41 ++++++++++++++++++++++++++++++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 dependency-check-suppressions.xml

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
new file mode 100644
index 00000000..2a1b4bce
--- /dev/null
+++ b/dependency-check-suppressions.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+  <!-- This CVE is regarding the javascript not the Java implementation -->
+  <suppress>
+    <notes><![CDATA[
+   file name: compiler-0.9.5.jar
+   ]]></notes>
+    <gav regex="true">^com\.github\.spullara\.mustache\.java:compiler:.*$</gav>
+    <cve>CVE-2015-8862</cve>
+  </suppress>
+  <!-- This CVE is regarding xzgrep not the Java implementation -->
+  <suppress>
+    <notes><![CDATA[
+   file name: xz-1.8.jar
+   ]]></notes>
+    <gav regex="true">^org\.tukaani:xz:.*$</gav>
+    <cve>CVE-2015-4035</cve>
+  </suppress>
+</suppressions>
diff --git a/pom.xml b/pom.xml
index 967aa39d..2ec1dedf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,7 +87,7 @@
   <properties>
     <beadledom.url>http://cerner.github.io/beadledom/${project.version}</beadledom.url>
     <java.version>1.8</java.version>
-    <scala.version>2.11.7</scala.version>
+    <scala.version>2.11.12</scala.version>
     <scala.binary.version>2.11</scala.binary.version>
     <governator.version>1.17.4</governator.version>
     <jackson.version>2.9.2</jackson.version>
@@ -462,6 +462,11 @@
         <artifactId>stagemonitor-web</artifactId>
         <version>${stagemonitor.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.tukaani</groupId>
+        <artifactId>xz</artifactId>
+        <version>1.8</version>
+      </dependency>
 
       <!--Test Dependencies-->
       <dependency>
@@ -476,12 +481,30 @@
         <version>2.12.0</version>
         <scope>test</scope>
       </dependency>
+      <dependency>
+        <groupId>org.scala-lang</groupId>
+        <artifactId>scalap</artifactId>
+        <version>${scala.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.scala-lang</groupId>
+        <artifactId>scala-compiler</artifactId>
+        <version>${scala.version}</version>
+        <scope>test</scope>
+      </dependency>
       <dependency>
         <groupId>org.scala-lang</groupId>
         <artifactId>scala-library</artifactId>
         <version>${scala.version}</version>
         <scope>test</scope>
       </dependency>
+      <dependency>
+        <groupId>org.scala-lang</groupId>
+        <artifactId>scala-reflect</artifactId>
+        <version>${scala.version}</version>
+        <scope>test</scope>
+      </dependency>
       <dependency>
         <groupId>org.scalacheck</groupId>
         <artifactId>scalacheck_${scala.binary.version}</artifactId>
@@ -656,6 +679,22 @@
           </dependency>
         </dependencies>
       </plugin>
+      <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <version>3.1.0</version>
+        <configuration>
+          <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>aggregate</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
       <plugin>
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-maven-plugin</artifactId>