Add an automated vulnerability check to CI/CD (#19)

elasticio · May 11, 2022 · 86dbde6 · 86dbde6
1 parent 5ca71ab
commit 86dbde6
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 14 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -86,6 +86,9 @@ jobs:
           paths:
             - ~/.gradle/caches
             - ~/.gradle/wrapper
+      - run:
+          name: Audit Dependencies
+          command: ./gradlew dependencyCheckAnalyze -PrunWithDependencyCheck
   build:
     docker:
       - image: cimg/base:stable

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 1.0.6 (May 11, 2022)
+* Made an automated vulnerability check run in CI/CD
+
 ## 1.0.5 (May 6, 2022)
 * Add an automated vulnerability check
 

diff --git a/build.gradle b/build.gradle
@@ -3,7 +3,17 @@ apply plugin: 'groovy'
 apply plugin: 'idea'
 apply plugin: 'eclipse'
 apply plugin: 'java-library-distribution'
-apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin
+if (hasProperty('runWithDependencyCheck')) {
+    apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin
+
+    check.dependsOn dependencyCheckAnalyze
+
+    dependencyCheck {
+        format = 'HTML'
+        failBuildOnCVSS = 7
+        suppressionFile='./dependencyCheck-suppression.xml'
+    }
+}
 
 group = 'io.elastic'
 
@@ -49,23 +59,12 @@ uploadArchives {
     }
 }
 
-check.dependsOn dependencyCheckAnalyze
-
-dependencyCheck {
-    format = 'ALL'
-    // Dependency Check script will fail in case there are critical (9.0-10.0) vulnerabilities.
-    // It should be configured to 7 (high and critical), but so far is not possible as 'axis' library
-    // and log4j issues which does not have any updates that solve the problem
-    failBuildOnCVSS = 7
-    suppressionFile='./dependencyCheck-suppression.xml'
-}
-
 buildscript {
     repositories {
         mavenCentral()
     }
     dependencies {
-        classpath 'org.owasp:dependency-check-gradle:6.0.3'
+        classpath 'org.owasp:dependency-check-gradle:7.1.0.1'
     }
 }
 

diff --git a/component.json b/component.json
@@ -2,7 +2,7 @@
   "title": "Petstore API (Java)",
   "description": "elastic.io component for the Petstore API",
   "docsUrl": "https://github.com/elasticio/petstore-component-java",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "credentials": {
     "fields": {
       "apiKey": {