See the documentation for the OWASP Dependency Check tool. This app just installs the Gradle plugin for OWASP Dependency Check into the sample Spring Boot app generated by Spring Initializr.
- Clone this repo

  ```sh
  git clone https://github.com/lethe2211/owasp-dependencycheck-sample.git
  ```

- Run the dependency check

  ```sh
  cd owasp-dependencycheck-sample

  ## Mac / Linux
  ./gradlew clean dependencyCheckAnalyze

  ## Windows
  gradlew.bat clean dependencyCheckAnalyze
  ```

- Check the generated report

  ```sh
  # Open the generated `build/reports/dependency-check-report.html` in your browser

  ## Mac
  open build/reports/dependency-check-report.html
  ```
- You can experiment by modifying some of the config in build.gradle or installing vulnerable software
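One config change worth trying is turning the report into a build gate. The block below is an added example, not taken from this repo's build.gradle; it assumes the Dependency Check Gradle plugin is already applied, and the 7.0 threshold and the suppression file name are placeholders chosen for illustration.

```groovy
// Added example: place in build.gradle after the plugin has been applied.
dependencyCheck {
    // Fail dependencyCheckAnalyze when any finding has a CVSS score of 7.0
    // or higher, so a vulnerable dependency breaks the build instead of
    // only appearing in a report nobody opens.
    failBuildOnCVSS = 7.0

    // Write every supported report format, so the HTML report is still
    // there for people and a machine-readable one is there for CI tooling.
    format = 'ALL'

    // Findings that were reviewed and judged false positives are listed in
    // a suppression file kept under version control (placeholder file name;
    // create the file before enabling this line).
    suppressionFile = "${rootDir}/dependency-check-suppressions.xml"
}
```

With this in place, `./gradlew clean dependencyCheckAnalyze` exits non-zero whenever a dependency at or above the threshold is found, which is what a CI job needs in order to block a merge.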