From 3ba48c3313a580e3250f101967a53af18f496d97 Mon Sep 17 00:00:00 2001 From: David Sloan Date: Wed, 19 Jun 2024 12:20:52 +0100 Subject: [PATCH] Adding dependency check --- README.md | 21 ++++++++++++++++++++- pom.xml | 28 ++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 27fe326..600848f 100644 --- a/README.md +++ b/README.md @@ -42,14 +42,33 @@ To check the code style run: mvn checkstyle:check ``` +## Formatter + To format the code run: ```bash mvn com.coveo:fmt-maven-plugin:format ``` +## License Headers + To add license header, run: ```bash mvn license:format -``` \ No newline at end of file +``` + +## Dependency Check + +To run the dependency check: + +1. **Getting NVD API Key:** + - Visit the [National Vulnerability Database (NVD) Website](https://nvd.nist.gov), sign up or log in to obtain your API key. + +2. **Setting NVD API Key in Environment Variable:** + - **Mac (zsh):** Add `export NVD_API_KEY=your_api_key_here` to `~/.zshrc`. + - **Windows:** Use `setx NVD_API_KEY "your_api_key_here"` in Command Prompt (Admin). + - **Linux (bash):** Add `export NVD_API_KEY=your_api_key_here` to `~/.bashrc`. + +3. **Running `mvn verify` for Dependency Check Plugin:** + - Run `mvn verify` to execute it. This will put a `dependency-check-report.html` in the target directory which will give you details of the scan result. \ No newline at end of file diff --git a/pom.xml b/pom.xml index 099e55b..6b463d2 100644 --- a/pom.xml +++ b/pom.xml @@ -165,6 +165,34 @@ + + + org.owasp + dependency-check-maven + 9.2.0 + + 5 + NVD_API_KEY + false + + + ${basedir}/target + + kafka-connect-smt-*.jar + + + + + + + check-dependencies + verify + + check + + + +
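Review bot: In the README.md hunk, step 2 of the new "Dependency Check" section tells Windows users to run `setx NVD_API_KEY "your_api_key_here"` in "Command Prompt (Admin)", but `setx` without `/M` writes the per-user environment and needs no elevation, so "(Admin)" can be dropped. It would also help to say that `setx` and the `~/.zshrc` / `~/.bashrc` edits only take effect in a newly opened shell, and that the key ends up in plain text in those files, so they should not be committed or shared. Step 3 does not say what a contributor should expect from `mvn verify` when `NVD_API_KEY` is unset; please document that case. The new last line still carries "\ No newline at end of file"; add the trailing newline.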
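Review bot: In the pom.xml hunk, the `check-dependencies` execution binds the `check` goal to the `verify` phase unconditionally, so every local and CI `mvn verify` now depends on `NVD_API_KEY` and on NVD data being reachable. Consider putting the execution behind a profile or a skip property so offline and key-less builds have a documented path, and make sure CI injects the variable as a secret. The element names are lost in this rendering, so the values `5` and `false` cannot be matched to settings here; in the real file an XML comment beside each stating what it controls and why that value was chosen would help later readers. The scan set is `${basedir}/target` with the include `kafka-connect-smt-*.jar`; please confirm that pattern matches every artifact the build ships. If the project keeps plugin versions in properties, `9.2.0` belongs there too.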