OWASP Dependency-Check for Maven

Need to check your Maven dependencies for known vulnerabilities? OWASP Dependency-Check ships a Maven plugin (dependency-check-maven) that identifies the libraries your build resolves, looks them up against the NVD, and can fail the build when one of them carries a published CVE. A few simple steps to add this in:

  1. Open your pom.xml file
  2. Add the plugin to the plugins section of your build. Note that dependency-check-maven is a build plugin, not a library your code calls, so it belongs in <build><plugins> only. Do not list it under <dependencies>: that would put the scanner and all of its transitive dependencies on your application's compile classpath, and it does nothing to make the scan run.
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    	<build>
    		<plugins>
    			<plugin>
    				<groupId>org.owasp</groupId>
    				<artifactId>dependency-check-maven</artifactId>
    				<version>1.4.5</version>
    				<configuration>
    					<failBuildOnCVSS>8</failBuildOnCVSS>
    				</configuration>
    				<executions>
    					<execution>
    						<goals>
    							<goal>check</goal>
    						</goals>
    					</execution>
    				</executions>
    			</plugin>
    		</plugins>
    	</build>
    </project>
  3. Pick the threshold. failBuildOnCVSS is a CVSS base score: with the value 8 above, the build fails as soon as any dependency has a known CVE scored 8.0 or higher, while lower-scored findings only appear in the report. Leave the element out and the plugin reports but never fails the build. The version shown (1.4.5) is the one this post was written against; use the current release from Maven Central for up-to-date analyzers.
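A fuller pom.xml for the same setup, added here as an example rather than taken from the post or from the Dependency-Check project. It assumes placeholder project coordinates (com.example / dependency-check-demo) and a suppression file path (dependency-check-suppressions.xml in the project root) that you would create yourself; the plugin parameters used (failBuildOnCVSS, format, suppressionFile, skipTestScope) are real parameters of dependency-check-maven.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Placeholder coordinates for this example; substitute your own -->
  <groupId>com.example</groupId>
  <artifactId>dependency-check-demo</artifactId>
  <version>1.0-SNAPSHOT</version>

  <properties>
    <!-- Pin the scanner version in one place so it is easy to bump -->
    <dependency-check.version>1.4.5</dependency-check.version>
  </properties>

  <!-- The scanner is NOT listed here: <dependencies> is for libraries your code uses -->
  <dependencies>
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check.version}</version>
        <configuration>
          <!-- Fail the build on any CVE with a CVSS base score of 8.0 or higher -->
          <failBuildOnCVSS>8</failBuildOnCVSS>
          <!-- ALL writes the HTML report for people plus XML for tooling to consume -->
          <format>ALL</format>
          <!-- Reviewed false positives live in a version-controlled suppression file
               (path is an assumption for this example; the file must exist) -->
          <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
          <!-- Test-scoped dependencies never ship, so leave them out of the scan -->
          <skipTestScope>true</skipTestScope>
        </configuration>
        <executions>
          <execution>
            <!-- Explicit binding: runs during 'mvn verify', after the tests, before install -->
            <phase>verify</phase>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

Run it with `mvn verify`. Keep the suppression file small and reviewed: every entry should name the finding it silences and why it is a false positive, because a broad suppression quietly turns the build gate off for that artifact.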


Run the build with `mvn verify` (the check goal binds to the verify phase by default). The first run downloads the NVD data feed, which needs network access and can take several minutes; later runs reuse the locally cached data and only fetch updates. When the scan finishes, open target/dependency-check-report.html to see each dependency, the CPE it was matched to, and the CVEs found. If any finding meets the failBuildOnCVSS threshold the build fails and the Maven output lists the offending artifacts and CVE identifiers. Dependency-Check matches libraries to CPE names by evidence in the jar, so expect occasional false positives; review each one and record it in a suppression file (the plugin's suppressionFile parameter) rather than lowering the threshold.

Sample (image): OWASP Dependency-Check report

Ghostprogrammer
  • I am known for being able to quickly decipher difficult problems to assist development teams in producing a solution. I have been called upon to be the Team Lead for multiple large-scale projects. I have a keen interest in learning new technologies, always ready for a new challenge.
