Added documentation about running security scan on the project depend…

…encies Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
eclipse · Jan 15, 2023 · 943067f · 943067f
1 parent 2124147
commit 943067f
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/docs/developer-guide/en/building.md b/docs/developer-guide/en/building.md
@@ -4,7 +4,7 @@ We use Apache Maven as the build tool of choice.
 
 We use `gitbook` to build the documentation.
 
-## Kapua
+## How to build
 
 Kapua is being compiled with Maven. 
 
@@ -25,6 +25,15 @@ Again, add the `console` profile as well if needed:
 
     mvn clean install -Pdev,console -DskipTests=true
 
+## Security Scan
+
+You can perform the CVE scan of the project by running with the following command:
+
+`mvn verify -DskipTests -Psecurity-scan`
+
+Currently, is configured to run the scan and produce reports but not to fail in case of CVEs detected. 
+Reports can be found in the `target/security-scan/` directory of each module.
+
 ## Documentation
 
 Before you can build documentation, you need to install `gitbook`