artem-smotrakov/build.gradle

## build.gradle
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.0.1.RELEASE'
        classpath 'org.owasp:dependency-check-gradle:3.1.2'
    }
}

apply plugin: 'java'
apply plugin: 'idea'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'org.owasp.dependencycheck'

bootJar {
    baseName = 'spring-boot-fun'
    version =  '0.0.1'
}

repositories {
    mavenCentral()
}

sourceCompatibility = 1.8
targetCompatibility = 1.8

dependencies {
    // this dependency contains a couple of known vulnerabilities
    compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.7.3'

    compile 'org.springframework.boot:spring-boot-starter-web'
    testCompile 'junit:junit'
}

// OWASP Dependency Check settings
dependencyCheck {

    // let's ignore errors to make builds in Jenkins more stable
    failOnError = false

    // OWASP Dependency Check plugin for Jenkins needs an XML report,
    // but humans may also need an HTML one
    format = 'ALL'

    // set up a quality gate for vulnerabilities with high severity level:
    //   let's consider that a vulnerability has a high severity level if its CVSS score is higher than 7
    //   the build is going to fail if vulnerabilities with high severity level found
    failBuildOnCVSS = 7

    // specify a list of known issues which contain:
    //   false-positives
    //   confirmed vulnerabilities which are not fixed yet, but we have a ticket for that
    suppressionFile = 'dependency-check-known-issues.xml'
}
	buildscript {
	repositories {
	mavenCentral()
	}
	dependencies {
	classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.0.1.RELEASE'
	classpath 'org.owasp:dependency-check-gradle:3.1.2'
	}
	}

	apply plugin: 'java'
	apply plugin: 'idea'
	apply plugin: 'org.springframework.boot'
	apply plugin: 'io.spring.dependency-management'
	apply plugin: 'org.owasp.dependencycheck'

	bootJar {
	baseName = 'spring-boot-fun'
	version = '0.0.1'
	}

	repositories {
	mavenCentral()
	}

	sourceCompatibility = 1.8
	targetCompatibility = 1.8

	dependencies {
	// this dependency contains a couple of known vulnerabilities
	compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.7.3'

	compile 'org.springframework.boot:spring-boot-starter-web'
	testCompile 'junit:junit'
	}

	// OWASP Dependency Check settings
	dependencyCheck {

	// let's ignore errors to make builds in Jenkins more stable
	failOnError = false

	// OWASP Dependency Check plugin for Jenkins needs an XML report,
	// but humans may also need an HTML one
	format = 'ALL'

	// set up a quality gate for vulnerabilities with high severity level:
	// let's consider that a vulnerability has a high severity level if its CVSS score is higher than 7
	// the build is going to fail if vulnerabilities with high severity level found
	failBuildOnCVSS = 7

	// specify a list of known issues which contain:
	// false-positives
	// confirmed vulnerabilities which are not fixed yet, but we have a ticket for that
	suppressionFile = 'dependency-check-known-issues.xml'
	}