Add back scanning

Author: ctmay4

build.gradle

@@ -8,6 +8,7 @@ plugins {
     id "io.codearte.nexus-staging" version "0.30.0"  // logs into Sonotype OSS and does a "Close" and "Release"
     id 'com.adarshr.test-logger' version '3.2.0'
     id "com.github.ben-manes.versions" version "0.44.0"
+    id 'org.sonatype.gradle.plugins.scan' version '2.4.1'
     id "org.sonarqube" version "3.5.0.2730"
 }
 
@@ -79,6 +80,22 @@ jacocoTestReport {
 }
 test.finalizedBy jacocoTestReport
 
+// Nexus vulnerability scan (https://github.com/sonatype-nexus-community/scan-gradle-plugin)
+ossIndexAudit {
+    outputFormat = 'DEPENDENCY_GRAPH'
+    printBanner = false
+
+    // only set proxy if running outside of Github Actions
+    if (!System.getenv().GITHUB_ACTIONS) {
+        proxyConfiguration {
+            protocol = 'http'
+            host = 'webproxy-btp.imsweb.com'
+            port = 8080
+        }
+    }
+}
+check.dependsOn 'ossIndexAudit'
+
 sonarqube {
     properties {
         property "sonar.projectKey", "imsweb_x12-parser"