introduce vulnerability scan (!9) · Merge requests · Helmholtz Cloud Portal / Helmholtz Marketplace Server

Ghost User requested to merge helmholtz-cloud-portal/carstenheidmann/helmholtz-marketplace-server:pr-vulnerability-scan into master Jul 23, 2020

Introduce vulnerability scan

Motivation:

Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.

Modifications:

Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.

Result:

The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)

Target: master

Request:

Acked-by: @femiadeyemi

Pull-request: !9 (merged)

Edited Aug 05, 2020 by Ghost User

introduce vulnerability scan

Merge request reports