From 559d231e111ac5aa60b398eb3b34fa71a78cd900 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Fri, 31 Mar 2023 21:59:13 +0200
Subject: [PATCH] add dependency check in jenkins pipeline

---
 Jenkinsfile                      | 16 ++++++++++++++++
 dependency-check-supressions.xml |  6 ++++++
 2 files changed, 22 insertions(+)
 create mode 100644 dependency-check-supressions.xml

diff --git a/Jenkinsfile b/Jenkinsfile
index 49a567e6..67fd3805 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -89,6 +89,22 @@ pipeline {
 			}
 		}
 
+        stage ('OWASP Dependency-Check Vulnerabilities') {
+            steps {
+                    dependencyCheck additionalArguments: ''' 
+                        -o "./" 
+                        -s "./"
+                        -f "ALL" 
+                        -d /dependency-check-data
+                        --suppression dependency-check-supressions.xml
+                        --disableKnownExploited
+                        --disableArchive
+                        --prettyPrint''', odcInstallation: 'dependency-check-owasp'
+
+                    dependencyCheckPublisher pattern: 'dependency-check-report.xml'
+            }
+        }
+
         stage('Sonar Checks') {
             when {
                 branch 'master'
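Review bot: The new stage publishes a report but never gates the build, because `dependencyCheckPublisher` is called with only `pattern`, so a critical finding still leaves the build green. Consider adding thresholds, for example `dependencyCheckPublisher pattern: 'dependency-check-report.xml', failedTotalCritical: 1, unstableTotalHigh: 1` (the values are illustrative). `--disableKnownExploited` and `--disableArchive` also switch off the known-exploited-vulnerabilities analyzer and the archive analyzer, which narrows what the scan can report. If that is deliberate, a one-line comment above the step such as `// KEV and archive analyzers disabled because <reason>` would keep it from looking like an oversight. The enclosing `pipeline` block and the Sonar stage that follows continue outside the hunk.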
diff --git a/dependency-check-supressions.xml b/dependency-check-supressions.xml
new file mode 100644
index 00000000..880fe0f3
--- /dev/null
+++ b/dependency-check-supressions.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+   <suppress>
+      <vulnerabilityName>CVE-DUMMY</vulnerabilityName>
+   </suppress>
+</suppressions>
\ No newline at end of file
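Review bot: The only entry, `<vulnerabilityName>CVE-DUMMY</vulnerabilityName>`, is an undocumented placeholder, and it sets a template of suppressing by name across every dependency with no stated reason. I would add `<notes>Placeholder entry; replace with justified, scoped suppressions.</notes>` inside the `<suppress>` element. Real entries should carry a `<packageUrl>` or `<filePath>` scope and an `until` date so they are re-reviewed rather than kept indefinitely. The file name is spelled `supressions` both here and in the `--suppression` argument in the Jenkinsfile, so correcting it means changing both together.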
-- 
GitLab