adding ossindex:audit on github actions
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 99bc6ff..84544af 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -48,3 +48,22 @@
run: mvn install -Pintegration-tests
- name: Remove Snapshots Before Caching
run: find /home/runner/work/geronimo-arthur/geronimo-arthur/.m2 -name '*SNAPSHOT' | xargs rm -Rf
+ security_audit:
+ name: Security Audit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone
+ uses: actions/checkout@v1
+ - name: Cache Maven Repository
+ uses: actions/cache@v1
+ with:
+ path: /home/runner/work/geronimo-arthur/geronimo-arthur/.m2
+ key: m2_repository
+ - name: Set up JDK
+ uses: actions/setup-java@v1
+ with:
+ java-version: '1.8'
+ - name: Build
+ run: mvn install -Pintegration-tests -DskipTests -Dexec.skip=true ossindex:audit
+ - name: Remove Snapshots Before Caching
+ run: find /home/runner/work/geronimo-arthur/geronimo-arthur/.m2 -name '*SNAPSHOT' | xargs rm -Rf
diff --git a/arthur-maven-plugin/pom.xml b/arthur-maven-plugin/pom.xml
index 930ba90..6cf524d 100644
--- a/arthur-maven-plugin/pom.xml
+++ b/arthur-maven-plugin/pom.xml
@@ -78,6 +78,11 @@
<version>0.12.0</version>
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.0</version>
+ </dependency>
+ <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>28.0-jre</version>
diff --git a/pom.xml b/pom.xml
index 5dbd0c6..066b47e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,6 +215,23 @@
</archive>
</configuration>
</plugin>
+ <plugin><!-- mvn ossindex:audit -->
+ <groupId>org.sonatype.ossindex.maven</groupId>
+ <artifactId>ossindex-maven-plugin</artifactId>
+ <version>3.1.0</version>
+ <executions>
+ <execution>
+ <id>audit-dependencies</id>
+ <phase />
+ <goals>
+ <goal>audit</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <scope>compile,runtime</scope>
+ </configuration>
+ </plugin>
</plugins>
</build>
