8.4. Dependency Security Scanning
8.4.1. OWASP Dependency-Check
OWASP Dependency-Check is used to detect dependencies with known security vulnerabilities (CVEs).
```xml
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>11.1.1</version>
  <configuration>
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <formats>
      <format>HTML</format>
      <format>JSON</format>
    </formats>
  </configuration>
</plugin>
```

- `failBuildOnCVSS`: Fails the build when vulnerabilities with a CVSS score of 7 or higher are detected.
- This must be executed periodically in the CI pipeline.
```bash
mvn dependency-check:check
```
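The JSON report enabled above can be post-processed in the pipeline to list exactly which findings tripped the `failBuildOnCVSS` threshold. This is an added example, not code from the page or from the Dependency-Check project; the report layout it reads (`dependencies[].vulnerabilities[]` with `cvssv3.baseScore` / `cvssv2.score`) is an assumption about the report format, and the report is constructed inline instead of being read from `target/dependency-check-report.json`.

```python
"""Apply the failBuildOnCVSS threshold to a Dependency-Check JSON report."""
import json

CVSS_THRESHOLD = 7.0  # same value as <failBuildOnCVSS>7</failBuildOnCVSS>

# Constructed sample report (placeholder CVE ids, not real scan output).
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
            {"name": "CVE-0000-0001", "severity": "HIGH", "cvssv3": {"baseScore": 9.8}},
            {"name": "CVE-0000-0002", "severity": "MEDIUM", "cvssv2": {"score": 5.0}},
        ]},
        {"fileName": "other-lib-2.3.jar", "vulnerabilities": [
            {"name": "CVE-0000-0003", "severity": "LOW", "cvssv2": {"score": 3.1}},
        ]},
        {"fileName": "clean-lib-0.9.jar"},  # no vulnerabilities key at all
    ]
})


def max_cvss(vuln):
    """Highest score available for one finding (CVSSv3 preferred, v2 as fallback)."""
    scores = []
    if "baseScore" in vuln.get("cvssv3", {}):
        scores.append(float(vuln["cvssv3"]["baseScore"]))
    if "score" in vuln.get("cvssv2", {}):
        scores.append(float(vuln["cvssv2"]["score"]))
    return max(scores, default=0.0)


def failing_dependencies(report_json, threshold=CVSS_THRESHOLD):
    """Return {fileName: [(cve, score), ...]} for findings at or above the threshold."""
    failing = {}
    for dep in json.loads(report_json).get("dependencies", []):
        hits = [(v["name"], max_cvss(v))
                for v in dep.get("vulnerabilities", []) if max_cvss(v) >= threshold]
        if hits:
            failing[dep["fileName"]] = hits
    return failing


def build_should_fail(report_json, threshold=CVSS_THRESHOLD):
    """True when at least one finding meets the threshold, mirroring the plugin's gate."""
    return bool(failing_dependencies(report_json, threshold))


if __name__ == "__main__":
    for name, hits in failing_dependencies(SAMPLE_REPORT).items():
        for cve, score in hits:
            print(f"{name}: {cve} (CVSS {score})")
    raise SystemExit(1 if build_should_fail(SAMPLE_REPORT) else 0)
```

Run it after `mvn dependency-check:check` in the pipeline with the real report path substituted for the constructed sample; the non-zero exit code gives a second, report-based gate alongside the plugin's own.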