Add owasp check

dotasek · dotasek · commit 91de2fcb6241 · 2023-08-28T14:56:44.000-04:00
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
@@ -0,0 +1,29 @@
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - run: |
+          mvn -DskipTests install -P OWASP_CHECK
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: target/dependency-check-report.sarif
+          # Optional category for the results
+          # Used to differentiate multiple results for one commit
+
+          category: OWASP-dependency-check
diff --git a/owasp-suppression-file.xml b/owasp-suppression-file.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>
diff --git a/pom.xml b/pom.xml
@@ -64,6 +64,21 @@
 	</dependencies>
 
 	<build>
+		<pluginManagement>
+			<plugins>
+				<plugin>
+					<groupId>org.owasp</groupId>
+					<artifactId>dependency-check-maven</artifactId>
+					<version>8.2.1</version>
+					<configuration>
+						<suppressionFiles>
+							<suppressionFile>cve-suppression.xml</suppressionFile>
+						</suppressionFiles>
+						<formats>sarif,html</formats>
+					</configuration>
+				</plugin>
+			</plugins>
+		</pluginManagement>
 		<plugins>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
@@ -193,5 +208,32 @@
 				</plugins>
 			</build>
 		</profile>
+		<profile>
+			<id>OWASP_CHECK</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<configuration>
+							<suppressionFiles>
+								<suppressionFile>owasp-suppression-file.xml</suppressionFile>
+							</suppressionFiles>
+						</configuration>
+						<executions>
+							<execution>
+								<goals>
+									<goal>check</goal>
+								</goals>
+								<configuration>
+									<failBuildOnCVSS>10</failBuildOnCVSS>
+									<skipTestScope>true</skipTestScope>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
 	</profiles>
 </project>

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<?xml version="1.0" encoding="UTF-8"?>`
	`2`	`+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">`
	`3`	`+</suppressions>`