add owasp dependency scan (#4)

th2-net · Jun 12, 2023 · 825a9c6 · 825a9c6
1 parent a06b09c
commit 825a9c6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/build.gradle b/build.gradle
@@ -3,6 +3,7 @@ plugins {
     id 'signing'
     id 'maven-publish'
     id "io.github.gradle-nexus.publish-plugin" version "1.0.0"
+    id "org.owasp.dependencycheck" version "8.1.0"
 }
 
 group = 'com.exactpro.th2'
@@ -21,9 +22,20 @@ repositories {
 }
 
 dependencies {
-    testImplementation 'org.assertj:assertj-core:3.23.1'
-    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.0'
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.0'
+    testImplementation 'org.assertj:assertj-core:3.24.2'
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.2'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.2'
+}
+
+dependencyCheck {
+    formats=['SARIF', 'JSON', 'HTML']
+    failBuildOnCVSS=5
+
+    analyzers {
+        assemblyEnabled = false
+        nugetconfEnabled = false
+        nodeEnabled = false
+    }
 }
 
 test {

diff --git a/gradle.properties b/gradle.properties
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 
-release_version = 0.1.1
+release_version = 0.1.2
 description = "Task managenet utility classes"
 vcs_url = https://github.com/th2-net/th2-task-utils