introduce vulnerability scan
Introduce vulnerability scan
Motivation:
Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.
Modifications:
Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.
Result:
The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)
Target: master
Request:
Acked-by: @femiadeyemi
Pull-request: !9 (merged)