introduce vulnerability scan
Motivation:
Since we are providing a service which is open to the public, we should be aware of vulnerabilities in our code as well as in our libraries. For our own code we already have Sonja, which covers at least some of it; for the dependencies there is a Maven plugin.
Modifications:
Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build. Exclude jakarta.websocket-api-1.1.2 since it delivers a false positive.
Result:
The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8).
Target: master
Request:
Acked-by:
Pull-request: !16 (merged)
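As an added illustration of the configuration this merge request describes (constructed here, not the project's own pom.xml, which the page does not show): the plugin declaration with the CVSS threshold set to 8 and a suppression file that removes the jakarta.websocket-api false positive. The plugin version, the suppression file name and the choice to suppress by GAV coordinates rather than by a single CVE are assumptions.

```xml
<!-- pom.xml fragment (constructed example): run Dependency-Check during "verify" -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- pin a concrete plugin version here; none is stated in the merge request -->
      <configuration>
        <!-- fail the build when any finding scores CVSS >= 8 -->
        <failBuildOnCVSS>8</failBuildOnCVSS>
        <!-- known false positives are kept out of the result via a suppression file -->
        <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- the "check" goal is bound to the verify phase by default -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

<!-- dependency-check-suppressions.xml (constructed example) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive on jakarta.websocket-api 1.1.2 (see merge request !16).
      Narrow this to a <cve> element once the misattributed CVE id is known,
      so that a real finding on the same artifact is not hidden as well.
    ]]></notes>
    <!-- exact GAV match: only this artifact and version is suppressed -->
    <gav>jakarta.websocket:jakarta.websocket-api:1.1.2</gav>
  </suppress>
</suppressions>
```

Suppressing by GAV silences every finding for that artifact version, so the suppression should be revisited when the dependency is upgraded.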