See the documentation for the OWASP Dependency-Check tool. This app just installs the tool's Gradle plugin into the sample app generated by Spring Initializr.
- Run the dependency check

```
## Mac / Linux
./gradlew clean dependencyCheckAnalyze

## Windows
gradlew.bat clean dependencyCheckAnalyze
```
- Check the generated report

  Open the generated build/reports/dependency-check-report.html in your browser.

- You can experiment by modifying some of the configuration in build.gradle or by installing a vulnerable piece of software.
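As a starting point for that experiment, here is an added example of a `dependencyCheck` block for build.gradle; it is not taken from this repository. The CVSS threshold and the suppression file path are assumptions, and the list-valued `formats` option assumes a plugin version that supports it.

```groovy
// Added example: settings for the OWASP Dependency-Check Gradle plugin.
// Values are illustrative assumptions, not this project's configuration.
dependencyCheck {
    // Fail dependencyCheckAnalyze when any finding has a CVSS score of 7 or
    // higher. The plugin default (11) can never be reached, so by default the
    // task only reports and never breaks the build.
    failBuildOnCVSS = 7

    // Keep the HTML report for people and add a JSON report that a CI job
    // can parse or archive.
    formats = ['HTML', 'JSON']

    // Analyze only the dependencies that ship with the application, so
    // findings in test-only libraries do not trip the gate.
    scanConfigurations = ['runtimeClasspath']

    // Hypothetical path: a reviewed suppression file for confirmed false
    // positives. Uncomment once the file exists in the repository.
    // suppressionFile = 'config/dependency-check-suppressions.xml'
}
```

With the threshold set, adding a dependency with a known high-severity CVE makes `dependencyCheckAnalyze` fail instead of only listing the finding in the report.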