Moved maven-site-plugin to reporting section and added org.owasp/dependency-check-maven plugin in version 4.0.1.

Wolfram Lutz · Wolfram Lutz · commit b6e3d4c131ae · 2019-01-18T11:29:26.000+01:00
diff --git a/pom.xml b/pom.xml
@@ -78,14 +78,36 @@
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
       </plugin>
+    </plugins>
+  </build>
+
+  <reporting>
+    <plugins>
       <!-- needed for mvn site - see https://stackoverflow.com/a/51099913 -->
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-site-plugin</artifactId>
         <version>3.7.1</version>
       </plugin>
-    </plugins>
-  </build>
 
+      <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <version>4.0.1</version>
+        <reportSets>
+          <reportSet>
+            <reports>
+              <report>aggregate</report>
+            </reports>
+          </reportSet>
+        </reportSets>
+        <configuration>
+          <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+          <failBuildOnCVSS>8</failBuildOnCVSS>
+          <suppressionFile>dependency-check-report_suppressions.xml</suppressionFile>
+        </configuration>
+      </plugin>
 
+    </plugins>
+  </reporting>
 </project>
