Merge pull request #224 from AriPaaWun/feature/nvd-check

Add NVD checker to travis build

Author: pitbulk

.nvd-suppressions.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+
+</suppressions>

.travis.yml

@@ -5,4 +5,4 @@ jdk:
 #  - oraclejdk7 #It seems oraclejdk7 temp fail on Travis
 install: true
 after_success:
-  - mvn clean test org.jacoco:jacoco-maven-plugin:report org.eluder.coveralls:coveralls-maven-plugin:report
+  - mvn clean verify org.jacoco:jacoco-maven-plugin:report org.eluder.coveralls:coveralls-maven-plugin:report

pom.xml

@@ -14,7 +14,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<slf4jVersion>1.7.12</slf4jVersion>
 		<junitVersion>4.12</junitVersion>
-		<logbackVersion>1.1.3</logbackVersion>
+		<logbackVersion>1.2.3</logbackVersion>
 		<apacheCommonsLangVersion>3.4</apacheCommonsLangVersion>
 	</properties>
 
@@ -93,6 +93,24 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.owasp</groupId>
+				<artifactId>dependency-check-maven</artifactId>
+				<version>5.0.0-M1</version>
+				<configuration>
+					<failBuildOnCVSS>7</failBuildOnCVSS>
+					<suppressionFiles>
+						<suppressionFile>.nvd-suppressions.xml</suppressionFile>
+					</suppressionFiles>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<goal>check</goal>
+						</goals>
+					 </execution>
+				</executions>
+			</plugin>
 		</plugins>
 		<pluginManagement>
 			<plugins>