Merge pull request #574 from rundeck/remove-owasp

remove owasp checks

Author: gschueler

.github/workflows/dependencyCheck.yml

@@ -72,12 +72,6 @@ Update dependency verification metadata and export any new keys.
     git add gradle/verification-metadata.xml
     git add gradle/verification-keyring.keys
 
-## Owasp Dependency check
-
-Check OWASP scan for dependencies
-
-    ./gradlew dependencyCheckAggregate -Porg.gradle.dependency.verification.console=verbose --dependency-verification lenient
-
 ## Install Locally
 
 Install to local path rd-cli-tool/build/install/rd/bin/rd

README.md

@@ -16,23 +16,16 @@
 
 plugins {
     id 'base'
-    alias(libs.plugins.owasp)
     alias(libs.plugins.axion)
     alias(libs.plugins.nexusPublish)
 }
 import java.util.regex.Matcher
 import pl.allegro.tech.build.axion.release.domain.VersionConfig
 import pl.allegro.tech.build.axion.release.infrastructure.di.VersionResolutionContext
 
-apply plugin: 'org.owasp.dependencycheck'
 ext.githubUrl = "https://github.com/rundeck/rundeck-cli"
 ext.changelogFile = file("CHANGELOG.md")
 
-dependencyCheck {
-    suppressionFile='cve-suppress.xml'
-    format='ALL'
-    failBuildOnCVSS=8
-}
 subprojects{
 
     apply plugin: "java-library"

build.gradle

@@ -13,7 +13,6 @@ shadow = "7.1.2"
 ospackage = "9.1.1"
 buildInfo = "0.9"
 buildConfig = "3.1.0"
-owasp = "7.1.0.1"
 jacksonDatabind = "2.18.1"
 picocli = "4.6.3"
 snakeYaml = "2.0"
@@ -66,4 +65,3 @@ shadow = { id = "com.github.johnrengelman.shadow", version.ref = "shadow" }
 ospackage = { id = "nebula.ospackage", version.ref = "ospackage" }
 buildInfo = { id = "org.dvaske.gradle.git-build-info", version.ref = "buildInfo" }
 buildConfig = { id = 'com.github.gmazzo.buildconfig', version.ref = "buildConfig" }
-owasp = { id = "org.owasp.dependencycheck", version.ref = "owasp" }