Merge pull request #14 from nhsconnect/PRMT-4335

[PRMT-4335] - Remove OWASP dependency checker due to vulnerabilities
nhsconnect · Jan 12, 2024 · b2d2b5c · b2d2b5c
2 parents c025e77 + 8fbc5de
commit b2d2b5c
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 104 deletions.
diff --git a/build.gradle b/build.gradle
@@ -1,8 +1,7 @@
 plugins {
     id 'org.springframework.boot' version '2.7.18'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+    id 'io.spring.dependency-management' version '1.1.4'
     id 'java'
-    id 'org.owasp.dependencycheck' version '7.4.4'
 }
 
 group = 'uk.nhs.prm.repo'
@@ -56,12 +55,3 @@ dependencies {
 tasks.named('test') {
     useJUnitPlatform()
 }
-
-dependencyCheck {
-    failBuildOnCVSS = 7
-    suppressionFile = './dependency-checks-suppression.xml'
-    analyzers {
-          assemblyEnabled = false
-          ossIndexEnabled = false
-    }
-}
diff --git a/dependency-checks-suppression.xml b/dependency-checks-suppression.xml
diff --git a/gocd/audit.pipeline.gocd.yml b/gocd/audit.pipeline.gocd.yml
diff --git a/tasks b/tasks
@@ -187,12 +187,6 @@ case "${command}" in
   run_local)
     ./gradlew bootRun
     ;;
-  _dep)
-      gradle dependencyCheckAnalyze
-      ;;
-  dep)
-      dojo "./tasks _dep"
-      ;;
   tf)
       check_env
       dojo -c Dojofile-infra "./tasks _tf"