Add snyk monitoring

Description
===========

This patch adds snyk monitoring to the build pipeline.
It will hook itself into the check and publish stages.

The patch also sets a dependency helper plugin net.wooga.cve-dependency-resolution
which applies overrides for dependencies with know fixes for security issues.

Changes
=======

* ![ADD] `snyk` monitoring
* ![ADD] `net.wooga.snyk-wdk-java` snyk convention plugin
* ![ADD] `net.wogoa.cve-dependency-resolution` plugin

Jenkinsfile

@@ -12,7 +12,8 @@ withCredentials([string(credentialsId: 'atlas_appcenter_integration_token', vari
 
                  string(credentialsId: 'atlas_appcenter_integration_application_owner', variable: 'appcenterOwner'),
                  string(credentialsId: 'atlas_appcenter_coveralls_token', variable: 'coveralls_token'),
-                 string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token')
+                 string(credentialsId: 'atlas_plugins_sonar_token', variable: 'sonar_token'),
+                 string(credentialsId: 'atlas_plugins_snyk_token', variable: 'SNYK_TOKEN')
                  ]) {
 
     def testEnvironment = [

build.gradle

@@ -15,7 +15,10 @@
  */
 
 plugins {
-  id "net.wooga.plugins" version "2.2.3"
+    id "net.wooga.plugins" version "2.2.3"
+    id 'net.wooga.snyk' version '0.10.0'
+    id "net.wooga.snyk-gradle-plugin" version "0.2.0"
+    id "net.wooga.cve-dependency-resolution" version "0.4.0"
 }
 
 group 'net.wooga.gradle'
@@ -39,6 +42,10 @@ github {
     repositoryName = "wooga/atlas-appcenter"
 }
 
+cveHandler {
+    configurations("compileClasspath", "runtimeClasspath", "testCompileClasspath", "testRuntimeClasspath", "integrationTestCompileClasspath", "integrationTestRuntimeClasspath")
+}
+
 dependencies {
     implementation 'org.apache.httpcomponents:httpclient:4.5.13'
     implementation 'org.apache.httpcomponents:httpmime:4.5.13'