cve漏洞监测扫描插件

配置mvn项目

    <build>
        <plugins>
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <version>12.1.0</version>
                <configuration>
                    <autoUpdate>true</autoUpdate>
                    <nvdDatafeedUrl>https://nvdcve.iovhm.com</nvdDatafeedUrl>
                    <retireJsUrl>http://nvdcve.iovhm.com/jsrepository.json</retireJsUrl>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>check</goal>
                            <goal>update-only</goal>
                            <goal>aggregate</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

执行cve依赖检测

 mvn dependency-check:aggregate

也可以在可视化区域执行

获取扫描报告

打开扫描报告