diff --git a/build.gradle.kts b/build.gradle.kts
index 6670b6a..fcd26b8 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -3,6 +3,17 @@ import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
 plugins {
 id("org.openrewrite.build.recipe-library") version "latest.release"
 id("com.github.johnrengelman.shadow") version "latest.release"
+ id("org.owasp.dependencycheck") version "latest.release"
+}
+
+dependencyCheck {
+ analyzers.assemblyEnabled = false
+ analyzers.nodeAuditEnabled = false
+ analyzers.nodeEnabled = false
+ failBuildOnCVSS = System.getenv("FAIL_BUILD_ON_CVSS")?.toFloatOrNull() ?: 9.0F
+ format = System.getenv("DEPENDENCY_CHECK_FORMAT") ?: "HTML"
+ nvd.apiKey = System.getenv("NVD_API_KEY")
+ suppressionFile = "suppressions.xml"
 }
 group = "org.openrewrite.recipe"
diff --git a/suppressions.xml b/suppressions.xml
index 142eecd..d6740c5 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -40,4 +40,30 @@ ^pkg:maven/org\.springframework/spring-webflux@.*$ CVE-2024-38816 - \ No newline at end of file + + + CVE-2019-11402 + CVE-2019-11403 + CVE-2019-15052 + CVE-2020-11979 + CVE-2021-29427 + CVE-2021-29428 + CVE-2021-32751 + CVE-2021-41589 + CVE-2022-25364 + CVE-2023-35947 + CVE-2023-45161 + CVE-2023-45163 + CVE-2023-49238 + CVE-2023-5964 + + + + CVE-2016-1000027 + +
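Review bot: On the `failBuildOnCVSS` line of the new `dependencyCheck` block, `toFloatOrNull()` turns an unparsable `FAIL_BUILD_ON_CVSS` (a typo, a comma decimal) into the 9.0 default with no message, so a misconfigured CI variable quietly loosens the gate to critical-only findings. I would fail configuration instead: `failBuildOnCVSS = System.getenv("FAIL_BUILD_ON_CVSS")?.let { it.toFloatOrNull() ?: throw GradleException("FAIL_BUILD_ON_CVSS is not a number: $it") } ?: 9.0F`. The 9.0 default lets every finding scored below 9.0 pass the build, so a comment such as `// default gate: fail only on CVSS >= 9.0; override with FAIL_BUILD_ON_CVSS` would make that choice explicit. The scanner plugin is also resolved with `latest.release`, matching the two existing plugins, which means its behaviour can change between builds with no commit to point at.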
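Review bot: The two added suppression entries show only CVE ids on this page (CVE-2019-11402 through CVE-2023-5964 in the first, CVE-2016-1000027 in the second) and no selector text like the `^pkg:maven/org\.springframework/spring-webflux@.*$` of the existing entry above. The XML markup is not visible here, so this is inferred. If they really carry no `packageUrl`, `gav` or `sha1` selector, each CVE is suppressed for every dependency in the build, including a future one that is genuinely affected. I would scope each entry to the artifact that triggers the false positive and give it a `<notes>` line stating why the CVE does not apply. An `until` attribute on `<suppress>` would also make the entry come up for review again rather than stay forever.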