Added OWASP check

.gitlab-ci.yml

@@ -3,6 +3,7 @@ image: maven:3.8.4-openjdk-17
 stages:
   - test
   - sonar
+  . owasp
 
 variables:
   MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
@@ -12,6 +13,13 @@ cache:
   paths:
     - .m2/repository
 
+owasp:
+  stage: owasp
+  script:
+  - mvn $MAVEN_CLI_OPTS -Denforcer.skip clean dependency-check:check
+  only:
+  - schedules
+
 test:
   stage: test
   script: mvn $MAVEN_CLI_OPTS clean verify

pom.xml

@@ -109,6 +109,33 @@
 					</dependency>
 				</dependencies>
 			</plugin>
+						<plugin>
+					<groupId>org.owasp</groupId>
+					<artifactId>dependency-check-maven</artifactId>
+					<version>7.1.1</version>
+					<configuration>
+						<cveValidForHours>12</cveValidForHours>
+						<failBuildOnCVSS>1</failBuildOnCVSS>
+						<!--
+						<suppressionFiles>
+							<suppressionFile>${maven.multiModuleProjectDirectory}/owasp-suppression.xml</suppressionFile>
+						</suppressionFiles>
+						-->
+						<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+						<composerAnalyzerEnabled>false</composerAnalyzerEnabled>
+						<nodeAuditAnalyzerEnabled>false</nodeAuditAnalyzerEnabled>
+						<nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
+						<cocoapodsAnalyzerEnabled>false</cocoapodsAnalyzerEnabled>
+						<golangDepEnabled>false</golangDepEnabled>
+					</configuration>
+					<executions>
+						<execution>
+							<goals>
+								<goal>check</goal>
+							</goals>
+						</execution>
+					</executions>
+				</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>