Wednesday, October 18, 2017

OWASP Dependency Check maven plugin

just run

mvn dependency-check:check

and you get a great report with all the known vulnerabilities in your dependencies... fantastic! A Jenkins plugin is also available, so you don't need to modify all your poms.

To install it as Jenkins Plugin, install these plugins:

Interesting post on how to configure a separate Jenkins task just to update the NIST data in a common folder, to avoid checking for updates at every build.
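As an added example (not from the original post, and not the plugin's own documentation), here is a pom.xml fragment that wires dependency-check-maven into the build while reading its NVD data from a shared folder, which is the pattern the separate-update-task post describes. The data path /var/lib/dependency-check/data, the CVSS threshold, the suppression file name and the version property are assumptions you would adapt to your setup.

```xml
<!-- Added example: dependency-check-maven using a shared, pre-updated NVD cache.
     Paths, version property and CVSS threshold below are assumptions. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- set dependency-check.version in <properties> to the current release -->
      <version>${dependency-check.version}</version>
      <configuration>
        <!-- Shared NVD cache maintained by a separate update job (assumed path) -->
        <dataDirectory>/var/lib/dependency-check/data</dataDirectory>
        <!-- Do not contact the NIST feeds on every build; the update job does that -->
        <autoUpdate>false</autoUpdate>
        <!-- Break the build when a dependency has a CVSS score of 7 or higher -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Reviewed false positives are recorded in a suppression file (assumed name) -->
        <suppressionFiles>
          <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
        <!-- Produce every report format (HTML for people, XML/JSON for tooling) -->
        <format>ALL</format>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The separate Jenkins job then only needs to run `mvn org.owasp:dependency-check-maven:update-only -DdataDirectory=/var/lib/dependency-check/data` on a schedule, so the regular builds with autoUpdate set to false stay fast and still check against recent NVD data; note that the build agent running the check must be able to read the same shared folder.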

A similar post goes here

A good test is to run it against WebGoat, but the repo is heavy and you need a good internet connection.

Here is a presentation of the plugin by Jeremy Long (OWASP).

