feat: include again the report plugin updated and with doc

Author: sellisd

README.md

@@ -359,6 +359,26 @@ kube-linter --config api/kubernetes/.kube-linter.yaml lint api/kubernetes/helm-c
 kube-linter --config api/kubernetes/.kube-linter.yaml lint api/kubernetes/csm-argo
 ```
 
+#### Vulnerability report
+
+To generate a report of publicly disclosed vulnerabilities in the dependencies
+add your API key for the National Vulnerability Database (https://nvd.nist.gov/)
+as a property available to gradle. If you don't have a key get one from
+here: https://nvd.nist.gov/developers/request-an-api-key. Add your key in your
+`~/.gradle/gradle.properties` file (create the file if it does not exist)
+
+```properties
+NVD_API_key=[key]
+```
+
+Then run the dependency check task which can take about 10 minutes:
+
+```shell
+./gradlew dependencyCheckAggregate
+```
+
+an html report will be generated under `/build/reports`
+
 ## License
 
     Copyright 2021 Cosmo Tech

build.gradle.kts

@@ -30,6 +30,7 @@ plugins {
   id("com.diffplug.spotless") version "6.25.0"
   id("org.springframework.boot") version "3.4.1" apply false
   id("project-report")
+  id("org.owasp.dependencycheck") version "12.0.0"
   id("com.github.jk1.dependency-license-report") version "2.9"
   id("org.jetbrains.kotlinx.kover") version "0.7.4"
   id("io.gitlab.arturbosch.detekt") version "1.23.7"
@@ -81,6 +82,12 @@ mkdir(configBuildDir)
 
 val hardCodedLicensesReportPath = "project-licenses-for-check-license-task.json"
 
+dependencyCheck{
+  nvd{
+    apiKey = System.getenv("NVD_API_key")
+  }
+}
+
 licenseReport {
   outputDir = licenseReportDir
   allowedLicensesFile =
@@ -102,6 +109,7 @@ allprojects {
   apply(plugin = "org.jetbrains.kotlin.jvm")
   apply(plugin = "io.gitlab.arturbosch.detekt")
   apply(plugin = "project-report")
+  apply(plugin = "org.owasp.dependencycheck")
 
   java {
     targetCompatibility = JavaVersion.VERSION_21