
Commit 86dbde6

Add an automated vulnerability check to CI/CD (#19)
1 parent 5ca71ab commit 86dbde6


4 files changed

+19
-14
lines changed


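--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -86,6 +86,9 @@ jobs:
 paths:
 - ~/.gradle/caches
 - ~/.gradle/wrapper
+- run:
+name: Audit Dependencies
+command: ./gradlew dependencyCheckAnalyze -PrunWithDependencyCheck
 build:
 docker:
 - image: cimg/base:stable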
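Review bot: The Audit Dependencies step runs dependencyCheckAnalyze but nothing in the job preserves its output, so when the scan fails the build on a high-severity finding the HTML report (the only format build.gradle now configures) disappears with the container and nobody can see which dependency tripped it. Add an artifact step after it, e.g. `- store_artifacts:` / `path: build/reports` (the plugin's default report directory as far as I recall; confirm against the project's outputDirectory), and arrange for it to run even when the scan step fails, since later steps are skipped by default after a failing run. The plugin also fetches the NVD data set on each run; unless that data lands under ~/.gradle/caches it is not covered by the cached paths just above, so every CI run re-downloads it. The enclosing job definition starts outside the hunk.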

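--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 1.0.6 (May 11, 2022)
+* Made an automated vulnerability check run in CI/CD
+
 ## 1.0.5 (May 6, 2022)
 * Add an automated vulnerability check
 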

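--- a/build.gradle
+++ b/build.gradle
@@ -3,7 +3,17 @@ apply plugin: 'groovy'
 apply plugin: 'idea'
 apply plugin: 'eclipse'
 apply plugin: 'java-library-distribution'
-apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin
+if (hasProperty('runWithDependencyCheck')) {
+apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin
+
+check.dependsOn dependencyCheckAnalyze
+
+dependencyCheck {
+format = 'HTML'
+failBuildOnCVSS = 7
+suppressionFile='./dependencyCheck-suppression.xml'
+}
+}
 
 group = 'io.elastic'
 
@@ -49,23 +59,12 @@ uploadArchives {
 }
 }
 
-check.dependsOn dependencyCheckAnalyze
-
-dependencyCheck {
-format = 'ALL'
-// Dependency Check script will fail in case there are critical (9.0-10.0) vulnerabilities.
-// It should be configured to 7 (high and critical), but so far is not possible as 'axis' library
-// and log4j issues which does not have any updates that solve the problem
-failBuildOnCVSS = 7
-suppressionFile='./dependencyCheck-suppression.xml'
-}
-
 buildscript {
 repositories {
 mavenCentral()
 }
 dependencies {
-classpath 'org.owasp:dependency-check-gradle:6.0.3'
+classpath 'org.owasp:dependency-check-gradle:7.1.0.1'
 }
 }
 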
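Review bot: The scan is now opt-in and silent about why: the `if (hasProperty('runWithDependencyCheck'))` guard in the first hunk means a plain `./gradlew check` no longer runs the scan unless the property is passed, and the rationale comment that the second hunk deletes (the CVSS threshold and the 'axis'/log4j findings that forced suppressions) is not carried over. Add a comment above the guard, e.g. `// Dependency scan is opt-in (-PrunWithDependencyCheck, passed by CI in .circleci/config.yml); fails the build at CVSS >= 7, see dependencyCheck-suppression.xml for suppressed findings`. Switching `format` from 'ALL' to 'HTML' also drops the machine-readable JSON/XML output, so nothing downstream can parse the results; keep 'ALL' or add a JSON format unless the HTML report is the only consumer. The suppression file is unchanged while the plugin moves from 6.0.3 to 7.1.0.1, so its entries should be re-checked in case the suppressed findings now have fixed versions.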

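--- a/component.json
+++ b/component.json
@@ -2,7 +2,7 @@
 "title": "Petstore API (Java)",
 "description": "elastic.io component for the Petstore API",
 "docsUrl": "https://github.com/elasticio/petstore-component-java",
-"version": "1.0.5",
+"version": "1.0.6",
 "credentials": {
 "fields": {
 "apiKey": {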
