Merge pull request #47 from nhsconnect/PRMT-4325

[PRMT-4325] - Remove OWASP dependency checker due to vulnerabilities
nhsconnect · Jan 15, 2024 · 2a12e32 · 2a12e32
2 parents e847d10 + 780d114
commit 2a12e32
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 165 deletions.
diff --git a/build.gradle b/build.gradle
@@ -1,10 +1,9 @@
 plugins {
     id 'org.springframework.boot' version '3.2.1'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+    id 'io.spring.dependency-management' version '1.1.4'
     id 'java'
     id 'jacoco'
-    id 'com.github.spotbugs' version '6.0.4'
-    id 'org.owasp.dependencycheck' version '7.4.4'
+    id 'com.github.spotbugs' version '6.0.6'
 }
 
 group = 'uk.nhs.prm.repo'
@@ -166,14 +165,5 @@ spotbugsIntegration {
     }
 }
 
-dependencyCheck {
-    failBuildOnCVSS = 7
-    suppressionFile = './dependency-checks-suppression.xml'
-    analyzers {
-          assemblyEnabled = false
-          ossIndexEnabled = false
-    }
-}
-
 check.dependsOn integration
 
diff --git a/dependency-checks-suppression.xml b/dependency-checks-suppression.xml
diff --git a/gocd/audit.pipeline.gocd.yml b/gocd/audit.pipeline.gocd.yml
diff --git a/tasks b/tasks
@@ -231,12 +231,6 @@ case "${command}" in
   run_localstack_local)
       docker-compose -f docker-compose.localstack-local.yaml up -d
       ;;
-  _dep)
-      gradle dependencyCheckAnalyze
-      ;;
-  dep)
-      dojo "./tasks _dep"
-      ;;
   _tf)
       _assume_environment_role $NHS_ENVIRONMENT
       tf_init