Need to check your Maven dependencies for known vulnerabilities? OWASP Dependency-Check can be integrated into your Maven build process easily. A few simple steps to add it:
- Open your pom.xml file
- Insert the following dependency into your dependencies list:

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <dependencies>
    <dependency>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>1.4.5</version>
    </dependency>
  </dependencies>
</project>
```
- Next, add the plugin to the build plugins, binding its `check` goal and setting `failBuildOnCVSS` so the build fails when a dependency carries a vulnerability with a CVSS score of 8 or higher:

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>1.4.5</version>
        <configuration>
          <failBuildOnCVSS>8</failBuildOnCVSS>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```
After running your build (the `check` goal runs in the `verify` phase by default), look for the report file: `target/dependency-check-report.html`
Sample: (screenshot of the generated report; image not reproduced here)
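As an added example (not code from the original post or from the Dependency-Check project), the following Python script audits a `pom.xml` for the wiring described above: the `org.owasp:dependency-check-maven` plugin present, its `check` goal bound to an execution, and `failBuildOnCVSS` set no looser than a policy threshold. The two poms embedded in it are constructed for the demonstration; `max_fail_cvss` is a hypothetical policy parameter.

```python
"""Audit a Maven pom.xml for an enforcing OWASP Dependency-Check configuration."""
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}  # Maven POM namespace

# Constructed sample: the enforcing configuration from the post.
GOOD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>1.4.5</version>
    <configuration><failBuildOnCVSS>8</failBuildOnCVSS></configuration>
    <executions><execution><goals><goal>check</goal></goals></execution></executions>
  </plugin></plugins></build>
</project>"""

# Constructed sample: plugin declared but never executed, and a threshold of 11,
# which (CVSS scores being 0-10) means the build can never fail.
WEAK_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>1.4.5</version>
    <configuration><failBuildOnCVSS>11</failBuildOnCVSS></configuration>
  </plugin></plugins></build>
</project>"""


def audit_pom(pom_xml: str, max_fail_cvss: float = 8.0) -> dict:
    """Return what the pom says about dependency-check and whether it meets policy."""
    root = ET.fromstring(pom_xml)
    result = {"plugin_present": False, "check_goal_bound": False,
              "fail_build_on_cvss": None, "compliant": False}
    for plugin in root.findall("m:build/m:plugins/m:plugin", NS):
        if (plugin.findtext("m:groupId", namespaces=NS) == "org.owasp"
                and plugin.findtext("m:artifactId", namespaces=NS) == "dependency-check-maven"):
            result["plugin_present"] = True
            goals = plugin.findall("m:executions/m:execution/m:goals/m:goal", NS)
            result["check_goal_bound"] = any((g.text or "").strip() == "check" for g in goals)
            cvss = plugin.findtext("m:configuration/m:failBuildOnCVSS", namespaces=NS)
            if cvss is not None:
                result["fail_build_on_cvss"] = float(cvss.strip())
            break
    # Policy: plugin wired in, check goal bound, and a threshold that can actually trip.
    result["compliant"] = bool(result["plugin_present"] and result["check_goal_bound"]
                               and result["fail_build_on_cvss"] is not None
                               and result["fail_build_on_cvss"] <= max_fail_cvss)
    return result


if __name__ == "__main__":
    print("good:", audit_pom(GOOD_POM))
    print("weak:", audit_pom(WEAK_POM))
```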