From 2da0cccfbe0c03d8aab68b2ce9ba7ec4c765b711 Mon Sep 17 00:00:00 2001
From: Sigee
Date: Sun, 23 Jul 2023 12:54:19 +0200
Subject: [PATCH] Add owasp dependency check to the pipeline

---
 .travis.yml | 4 ++--
 build.gradle | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index f7ea34e0..a820f878 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -19,11 +19,11 @@ install:
 - gem install --no-document faraday -v 1.10.1
 - gem install --no-document faraday-net_http -v 2.1.0
 - gem install --no-document public_suffix -v 4.0.7
- - gem install --no-document octokit -v 4.25.1
+ - gem install --no-document octokit -v 4.25.1
 - gem install --no-document chandler -v 0.7.0

 script:
- - ./gradlew prepareForCiBuild -s -i -Prelease.disableChecks && ./gradlew funcTest ciBuild -s -i -Pcompatibility -Prelease.disableChecks -PpluginPortal -PchangelogSync
+ - ./gradlew prepareForCiBuild -s -i -Prelease.disableChecks && ./gradlew funcTest ciBuild -s -i -Pcompatibility -Prelease.disableChecks -PpluginPortal -PchangelogSync && ./gradlew dependencyCheckAnalyze

 cache:
 directories:
diff --git a/build.gradle b/build.gradle
index dee5f9b3..0d018cd6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -4,6 +4,7 @@ apply plugin: 'codenarc'
 apply from: "$rootDir/gradle/cdeliveryboy-release.gradle"
 apply from: "$rootDir/gradle/report-version-consistency-check.gradle"
 apply plugin: "com.github.ben-manes.versions"
+apply plugin: 'org.owasp.dependencycheck'

 buildscript {
 repositories {
@@ -19,6 +20,7 @@ buildscript {
 classpath 'io.codearte.gradle.nexus:gradle-nexus-staging-plugin:0.30.0' //override version for more reliable releasing from Travis
 classpath 'com.gradle.publish:plugin-publish-plugin:0.16.0'
 classpath 'com.github.ben-manes:gradle-versions-plugin:0.42.0'
+ classpath 'org.owasp:dependency-check-gradle:8.2.1'
 }
 }
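Review bot: In the `script:` entry of .travis.yml the scan is chained last, after `./gradlew funcTest ciBuild ... -PpluginPortal -PchangelogSync`, so a vulnerable dependency cannot stop anything that `ciBuild` does. The build applies `gradle/cdeliveryboy-release.gradle`, which suggests `ciBuild` can publish a release; if so, the artifact would already be out before `dependencyCheckAnalyze` has looked at its dependencies. Running the scan first, `./gradlew dependencyCheckAnalyze -s && ./gradlew prepareForCiBuild ...`, makes it a gate rather than an after-the-fact report. The `cache: directories:` list below is untouched, so the vulnerability database is presumably downloaded on every run; caching the dependency-check data directory would make the step faster and less dependent on the feed being reachable. The `octokit` line in this hunk appears to change only whitespace and could be dropped from the commit.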
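Review bot: Applying `org.owasp.dependencycheck` in build.gradle without a `dependencyCheck { }` block leaves the plugin on its defaults, and the default `failBuildOnCVSS` is 11, a score no finding can reach, so `dependencyCheckAnalyze` writes a report but never fails the Travis build. If the step is meant to gate the pipeline, add a threshold after the `apply plugin` line, for example `dependencyCheck { failBuildOnCVSS = 7 }` (the value is only an illustration), together with a `suppressionFile` for findings that have been reviewed and judged false positives. No such block is visible in this patch; if it is configured elsewhere in the build, this does not apply. The second build.gradle hunk only puts `org.owasp:dependency-check-gradle:8.2.1` on the buildscript classpath and raises nothing further.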