issue_887: Added OWASP plugin. First run took about 40 minutes. Subsequent runs took about 2-4 minutes. Plugin downloads the NVD (National Vulnerability Database) the very first time the user runs the analyzeDependency command (assuming said user does not already have it cached somewhere on their system). Once downloaded, the plugin checks the subproject's dependencies against that of the NVD's and creates an HTML report per subproject on all the critical dependencies the subproject has.
Some checks failed
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (ubuntu-20.04) (push) Has been cancelled
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (windows-2022) (push) Has been cancelled
HIRS Build and Unit Test / ACA_Provisioner_Unit_Tests (push) Has been cancelled
HIRS System Tests / DockerTests (push) Has been cancelled
Dotnet Provisioner Unit Tests / Evaluate Tests (push) Has been cancelled

TheSilentCoder 2024-12-20 15:17:43 -05:00
parent dcc2962b99
commit 9606b2abe0


@ -7,6 +7,7 @@ plugins {
id 'application'
id 'checkstyle'
id 'com.github.spotbugs' version '6.0.13' apply false
id 'org.owasp.dependencycheck' version '11.1.1'
id 'java'
}
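Review bot: the new `id 'org.owasp.dependencycheck' version '11.1.1'` line in the root `plugins` block omits `apply false`, unlike the spotbugs line directly above it, so the plugin is applied to the root project as well as to each subproject. If applying it at the root is intended, say so in a comment next to the line; otherwise add `apply false` to match the spotbugs entry and keep the scan scoped to the subprojects.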
@ -17,6 +18,7 @@ subprojects {
apply plugin: "com.github.spotbugs"
apply plugin: "java"
apply plugin: "checkstyle"
apply plugin: "org.owasp.dependencycheck"
repositories {
flatDir { dirs "lib" }
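Review bot: `apply plugin: "org.owasp.dependencycheck"` is added to `subprojects` with no `dependencyCheck { }` configuration visible in this hunk, so every subproject runs with the plugin defaults. Given the 40-minute first run noted in the commit message, consider supplying an NVD API key through an environment variable or Gradle property (never committed to the repository) and setting a `failBuildOnCVSS` threshold, so that findings fail the build instead of only appearing in the per-subproject HTML reports. The `flatDir { dirs "lib" }` context line also deserves a comment: jars pulled from a local directory carry no group or version coordinates, so confirm the reports actually identify them.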