Enabled maven OWASP (security check) plugin in all projects

[yurem]

Right now we enabled it only in oxAuth:

			<!-- OWASP plugin -->
			<plugin>
				<groupId>org.owasp</groupId>
				<artifactId>dependency-check-maven</artifactId>
				<executions>
					<execution>
						<goals>
							<goal>check</goal>
						</goals>
					</execution>
				</executions>
			</plugin>

Here is sample output about it scan:

...
00:00  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00  INFO: Vulnerability found: jquery below 2.2.0
00:00  INFO: Vulnerability found: jquery below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00  INFO: Vulnerability found: jquery below 2.2.0
00:00  INFO: Vulnerability found: jquery below 3.4.0
00:01  INFO: Vulnerability found: moment.js below 2.11.2
...

[yuriyz]

We can also consider to use https://snyk.io/. It allows to open PR's with fixes. Advantage is that we don't have it inside pom.xml which slow down build time. We can run it once per week and send report. We can also put findbugs there (which consumes a lot of build time) ... Or otherwise if we want to keep it in pom then put it in maven profile and activate when needed to keep build time shorter.
Like 3 stages:

• build as fast as possible (no tests, no reports)
• build with tests, no reports
• build with tests and reports.