From f742a10ab83f3fe35170d6cb39d4bb4bed002743 Mon Sep 17 00:00:00 2001
From: dotasek
Date: Mon, 28 Aug 2023 15:34:53 -0400
Subject: [PATCH 1/2] Add OWASP check
---
.github/workflows/owasp.yml | 29 +++++++++++++++++++++++++++++
owasp-suppression-file.xml | 3 +++
2 files changed, 32 insertions(+)
create mode 100644 .github/workflows/owasp.yml
create mode 100644 owasp-suppression-file.xml
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
new file mode 100644
index 0000000..5493b83
--- /dev/null
+++ b/.github/workflows/owasp.yml
@@ -0,0 +1,29 @@
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - run: |
+ mvn -DskipTests install -P OWASP_CHECK
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: target/dependency-check-report.sarif
+ # Optional category for the results
+ # Used to differentiate multiple results for one commit
+
+ category: OWASP-dependency-check
\ No newline at end of file
diff --git a/owasp-suppression-file.xml b/owasp-suppression-file.xml
new file mode 100644
index 0000000..cbc052c
--- /dev/null
+++ b/owasp-suppression-file.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
From d75ea4473e926212ecce59775df2efb27d401b93 Mon Sep 17 00:00:00 2001
From: dotasek
Date: Mon, 28 Aug 2023 15:39:06 -0400
Subject: [PATCH 2/2] Woops. Forgot to add owasp to the pom.
---
pom.xml | 43 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 0e711e9..2823354 100644
--- a/pom.xml
+++ b/pom.xml
@@ -101,8 +101,22 @@ + + + + org.owasp + dependency-check-maven + 8.2.1 + + + cve-suppression.xml + + sarif,html + + + + - org.apache.maven.plugins maven-compiler-plugin 
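Review bot: The `analyze` job declares no `permissions:` block, yet `github/codeql-action/upload-sarif@v2` needs `security-events: write`; on repositories whose default `GITHUB_TOKEN` is read-only the upload step will fail, and declaring it explicitly also keeps the token least-privilege for the checkout and build steps. I would add `permissions:` / `contents: read` / `security-events: write` under `analyze:` (pull requests from forks still get a read-only token, so the upload is expected not to work for those runs regardless). The upload step also only runs if the preceding `mvn -DskipTests install -P OWASP_CHECK` step succeeds, and the `OWASP_CHECK` profile in the pom.xml hunks appears to bind the plugin's `check` goal with a fail-build threshold, so a scan that fails the build would leave no SARIF in the Security tab — `if: always()` on the upload step keeps the report visible exactly when it matters. Both actions are pinned to moving tags (`@v3`, `@v2`); pinning to a full commit SHA with the tag in a trailing comment is the usual hardening for a workflow that runs the project build on every push and pull request.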
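Review bot: The suppression file referenced in this pom.xml hunk, `cve-suppression.xml`, is not a file this series adds; the file created in the first patch, and the one the `OWASP_CHECK` profile in the hunk at line 321 points to, is `owasp-suppression-file.xml`. If that element is dependency-check's `suppressionFile`, the plugin will presumably warn about or fail on a path that does not exist in the repository, so the two references should agree — `<suppressionFile>owasp-suppression-file.xml</suppressionFile>` here as well, or drop this one and keep the single reference in the profile. The XML element names were stripped from this rendering, so the element is inferred from its value, and the enclosing build/plugins block begins before this hunk.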
@@ -307,5 +321,32 @@ + + OWASP_CHECK + + + + org.owasp + dependency-check-maven + + + owasp-suppression-file.xml + + + + + + check + + + 10 + true + + + + + + +
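Review bot: The values `10` and `true` in the `OWASP_CHECK` profile's plugin configuration look like a `failBuildOnCVSS` threshold and a boolean flag, but the element names are stripped in this rendering so that reading is inferred. If it is `failBuildOnCVSS`, a threshold of `10` means only findings scored exactly 10.0 break the build, while everything from 0.1 to 9.9 passes silently into the SARIF report and relies on someone reading the Security tab. A comment stating that this is deliberate, `<!-- only CVSS 10.0 fails the build; lower findings are reported via SARIF -->`, or a lower threshold such as `7` would make the policy explicit. The enclosing `<profiles>` element presumably begins before this hunk.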