diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
new file mode 100644
index 0000000000000000000000000000000000000000..150cf30087c65573661ad16314406a3ef156f4a9
--- /dev/null
+++ b/owasp-suppressions.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+ <suppress>
+ <notes>The GeneralHandler is not used. de.landsh.opendata.dataproxy.App handles GET requests directly.</notes>
+ <cve>CVE-2020-13697</cve>
+ </suppress>
+</suppressions>
diff --git a/pom.xml b/pom.xml
index 1c40ddbf0209ef733078da6c02cdbc1187816b4b..e555835c16b67ebbc6f3e9274b6a3b59eff2e597 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,6 +36,14 @@
 </execution>
 </executions>
 </plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.22.2</version>
+ </plugin>
+ <plugin>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <version>2.22.2</version>
+ </plugin>
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-assembly-plugin</artifactId>
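Review bot: The `<suppress>` entry in owasp-suppressions.xml carries only `<cve>CVE-2020-13697</cve>` and no `<packageUrl>`, `<gav>` or `<filePath>` selector, so it silences that CVE for every dependency in the build rather than only for the library that ships GeneralHandler. Scope it with the real coordinates of the affected artifact, e.g. `<packageUrl regex="true">^pkg:maven/GROUP_ID_PLACEHOLDER/ARTIFACT_ID_PLACEHOLDER@.*$</packageUrl>`. The justification in `<notes>` rests on App never delegating GET requests to GeneralHandler, which nothing in this commit enforces. A test asserting that behaviour, or an `until="YYYY-MM-DD"` expiry on `<suppress>` (if the 1.2 schema referenced here accepts it) to force a re-review, would keep the suppression from outliving its premise.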
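Review bot: In the first pom.xml hunk `maven-failsafe-plugin` is declared with only a `<version>` and no `<executions>`, so unless a parent POM binds them its `integration-test` and `verify` goals never run. The same applies to `spotbugs-maven-plugin` in the following hunk, which is added without a `check` execution and therefore does not gate the build. If either is meant to run, add an `<executions>` block with the goals; if they are version pins only, say so with a comment such as `<!-- version pin only; not bound to the lifecycle -->`. The enclosing `<plugins>` element starts outside the hunk.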
@@ -58,6 +66,74 @@
 </execution>
 </executions>
 </plugin>
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>0.8.7</version>
+ <executions>
+ <execution>
+ <id>coverage-initialize</id>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>coverage-report</id>
+ <phase>post-integration-test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0</version>
+ <configuration>
+ <rules>
+ <bannedDependencies>
+ <excludes>
+ <exclude>junit:junit</exclude>
+ <exclude>junit:junit-dep</exclude>
+ </excludes>
+ </bannedDependencies>
+ <dependencyConvergence/>
+ </rules>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>6.5.3</version>
+ <configuration>
+ <suppressionFiles>
+ <suppressionFile>owasp-suppressions.xml</suppressionFile>
+ </suppressionFiles>
+ <failBuildOnCVSS>8</failBuildOnCVSS>
+ <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+ <failOnError>true</failOnError>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>4.5.3.0</version>
+ </plugin>
 </plugins>
 </build>
 <dependencies>
@@ -88,11 +164,10 @@
 <artifactId>antlr4-runtime</artifactId>
 <version>4.9.3</version>
 </dependency>
-
 <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.13.2</version>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter</artifactId>
+ <version>5.8.2</version>
 <scope>test</scope>
 </dependency>
 </dependencies>
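Review bot: In the dependency-check-maven configuration, `<failBuildOnCVSS>8</failBuildOnCVSS>` lets findings scored 7.0–7.9 pass the build, although CVSS still rates them High. Consider `<failBuildOnCVSS>7</failBuildOnCVSS>` and handle accepted findings through narrowly scoped entries in the suppression file. The `<suppressionFile>owasp-suppressions.xml</suppressionFile>` path is relative and presumably resolves against the directory Maven is started from, so `<suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>` would make it independent of the working directory. The `check` execution declares no `<phase>`, so a short XML comment naming the phase it runs in would help whoever has to debug a failing build.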
diff --git a/src/test/java/de/landsh/opendata/dataproxy/CoronaDataTest.java b/src/test/java/de/landsh/opendata/dataproxy/CoronaDataTest.java index 596b3df83b8366c3d6c8efddf53eafc9536e872f..932fcf02b504adb17f3233d4e1cae58ee678ca92 100644 --- a/src/test/java/de/landsh/opendata/dataproxy/CoronaDataTest.java +++ b/src/test/java/de/landsh/opendata/dataproxy/CoronaDataTest.java @@ -3,13 +3,12 @@ package de.landsh.opendata.dataproxy; import de.landsh.opendata.coronardeck.CoronaDataLexer; import de.landsh.opendata.coronardeck.CoronaDataParser; import org.antlr.v4.runtime.*; -import org.junit.Test; +import org.junit.jupiter.api.Test; import java.io.IOException; import java.io.InputStream; +import static org.junit.jupiter.api.Assertions.*; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.fail; /** * Unit test for simple CoronaData. diff --git a/src/test/java/de/landsh/opendata/dataproxy/StrassenSH2GeojsonTest.java b/src/test/java/de/landsh/opendata/dataproxy/StrassenSH2GeojsonTest.java index 044853cf29ebc242d2ea8795b0f6b2d6ff60cd81..c92c60cc8ae4ab6fc12fbfad3efc2250589bbcb0 100644 --- a/src/test/java/de/landsh/opendata/dataproxy/StrassenSH2GeojsonTest.java +++ b/src/test/java/de/landsh/opendata/dataproxy/StrassenSH2GeojsonTest.java @@ -2,9 +2,10 @@ package de.landsh.opendata.dataproxy; import org.json.JSONArray; import org.json.JSONObject; -import org.junit.Test; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.*; -import static org.junit.Assert.*; public class StrassenSH2GeojsonTest { @@ -19,7 +20,7 @@ public class StrassenSH2GeojsonTest { assertTrue(result.has("properties")); JSONObject geometry = result.getJSONObject("geometry"); - assertNotNull(geometry); + assertNotNull(geometry); assertEquals("LineString", geometry.getString("type")); JSONArray coordinates = geometry.getJSONArray("coordinates"); assertNotNull(coordinates);
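Review bot: In the import hunk of CoronaDataTest the explicit static imports are replaced by the wildcard `import static org.junit.jupiter.api.Assertions.*;`, and the import hunk of StrassenSH2GeojsonTest keeps a wildcard as well. Explicit imports such as `import static org.junit.jupiter.api.Assertions.assertNotNull;` keep it visible which assertions each test relies on. More important for this migration, JUnit 5 takes the failure message as the last argument. Any call written as `assertEquals("message", expected, actual)` with String operands therefore still compiles but treats the message as the expected value. The test bodies lie mostly outside these hunks, so both classes need a pass for message-first calls.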