java依赖漏洞扫描

pom加上

  <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <version>7.0.0</version>
                <configuration>
                    <autoUpdate>true</autoUpdate>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

执行扫描命令

mvn dependency-check:check

生成报告

查看生成的target/dependency-check-report.html报告