From c205a10ec0ea77cd24141910b3e2915501785e7e Mon Sep 17 00:00:00 2001
From: James Brown <33660060+jamesbr3@users.noreply.github.com>
Date: Wed, 7 Nov 2018 09:00:19 +0000
Subject: [PATCH] ENT-2684 Fix owasp dependency checker to fail builds based on CVSS level (#4169)
OWASP Dependency Checker has been updated so that it can be configured to automatically fail a build when a vulnerable dependency is detected. This option is exposed through gradle settings, so that a build can be configured in TeamCity to pass/fail. This change is backward-compatible - i.e. it does not affect a build by default unless configured to do so. Ability to fail a build is exposed by the new owasp.failBuildOnCVSS gradle property By default this is set to '11.0' which will always pass a build even if a vulnerability is found (so will not affect anything by default) Reduce the CVSS level between 0-10 to indicate what level to fail a build on Example usage to catch Medium severity (and above) issues: Configure gradle with the option -Powasp.failBuildOnCVSS=4
---
 build.gradle | 3 +++
 gradle.properties | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/build.gradle b/build.gradle
index 7cfd603ad1..28a0247cb4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -160,6 +160,9 @@ allprojects {
 suppressionFile = '.ci/dependency-checker/suppressedLibraries.xml'
 cveValidForHours = 1
 format = 'ALL'
+ failOnError = project.getProperty('owasp.failOnError')
+ // by default CVSS is '11' which passes everything. Set between 0-10 to catch vulnerable deps
+ failBuildOnCVSS = project.getProperty('owasp.failBuildOnCVSS').toFloat()
 }
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
diff --git a/gradle.properties b/gradle.properties
index 0c6bf2d49f..3e359435f6 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,3 +1,5 @@
 kotlin.incremental=true
 org.gradle.jvmargs=-XX:+UseG1GC -Xmx1g -Dfile.encoding=UTF-8
 org.gradle.caching=true
+owasp.failOnError=false
+owasp.failBuildOnCVSS=11.0
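Review bot: `failOnError = project.getProperty('owasp.failOnError')` assigns the raw property String, whereas the sibling `failBuildOnCVSS` line converts with `.toFloat()`; under Groovy's truthiness a non-empty String such as "false" is liable to coerce to true when assigned to a boolean property, which would invert the documented default. Convert explicitly so the two lines agree: `failOnError = project.getProperty('owasp.failOnError').toBoolean()`. Both `getProperty` calls also throw if the property is absent, which is acceptable while gradle.properties supplies defaults but deserves a word in the comment, e.g. `// both owasp.* properties must exist (defaults live in gradle.properties); getProperty fails the build otherwise`. The enclosing `allprojects {` configuration block starts before this hunk.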
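Review bot: `owasp.failOnError=false` is added without a comment explaining its security trade-off: if I read the plugin's failOnError flag correctly, an analysis error (for example the vulnerability database failing to update) is then reported but not fatal, so a build can clear the new CVSS gate having effectively scanned nothing. A comment next to the property would make that explicit for whoever enables the gate, e.g. `# false: analyzer errors (e.g. CVE data update failure) do not fail the build; set true together with owasp.failBuildOnCVSS so a broken scan cannot pass silently`. It would also help to state at `owasp.failBuildOnCVSS=11.0` that 11.0 is a sentinel above the CVSS maximum of 10.0, mirroring the comment in build.gradle.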