Merge branch 'feature/437663-shared-url' into 'develop'

sharedUrl

See merge request upm-inesdata/registration-service!2

build.gradle

@@ -2,6 +2,9 @@ plugins {
 	id 'java'
 	id 'org.springframework.boot' version '3.3.1'
 	id 'io.spring.dependency-management' version '1.1.5'
+	id 'jacoco'
+	id 'org.sonarqube' version '5.1.0.4872'
+	id 'org.owasp.dependencycheck' version '10.0.3'
 }
 
 group = 'org.upm.inesdata'
@@ -14,6 +17,7 @@ java {
 }
 
 repositories {
+	gradlePluginPortal()
 	mavenCentral()
 }
 
@@ -29,11 +33,44 @@ dependencies {
 	implementation 'org.projectlombok:lombok:1.18.22'
 	runtimeOnly 'org.postgresql:postgresql'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
-	testImplementation 'com.h2database:h2'
+	testImplementation 'com.h2database:h2:2.3.230'
+	implementation 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:5.1.0.4872'
+	implementation 'org.owasp:dependency-check-gradle:10.0.3'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 	annotationProcessor 'org.projectlombok:lombok:1.18.22'
 }
 
+configurations.all {
+    resolutionStrategy {
+        force 'org.bouncycastle:bcprov-jdk18on:1.78.1'
+		force 'com.h2database:h2:2.3.230'
+		force 'com.squareup.okhttp3:okhttp:4.12.0'
+		force 'com.squareup.okio:okio:3.9.0'
+    }
+}
+
 tasks.named('test') {
 	useJUnitPlatform()
 }
+
+sonar {
+	properties {
+		// Recommended way to use the plugin. Compilation must be ensured
+		// externally before calling the sonar task
+		property "sonar.gradle.skipCompile", "true"
+	}
+}
+
+dependencyCheck {
+    failBuildOnCVSS = 7
+    suppressionFile "suppressions.xml"
+    analyzers {
+		// To avoid trying to analyze DLL files
+		assemblyEnabled=false
+		ossIndex {
+			// remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED)
+			// will result in warnings only instead of failing execution.
+			warnOnlyOnRemoteErrors = true
+		}
+    }
+}

src/main/java/org/upm/inesdata/registration_service/entity/Participant.java

@@ -35,4 +35,10 @@ public class Participant {
      */
     @NotNull
     private long createdAt;
+
+    /**
+     * The URL associated with the  shared vocabularies of participants.
+     */
+    @NotNull
+    private String sharedUrl;
 }

src/main/resources/db/changelog/0.1.0/db.changelog-1.0.xml

@@ -16,6 +16,9 @@
             <column name="created_at" type="BIGINT">
                 <constraints nullable="false"/>
             </column>
+            <column name="shared_url" type="VARCHAR(255)">
+                <constraints nullable="false"/>
+            </column>
         </createTable>
     </changeSet>
 

suppressions.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+   <suppress>
+      <notes><![CDATA[
+		  sonar dependency that cannot be forced
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
+      <cpe>cpe:/a:h2database:h2</cpe>
+      <cpe>cpe:/a:service_project:service</cpe>
+   </suppress>
+   <suppress>
+      <notes><![CDATA[
+      file name: sonar-scanner-api-2.16.2.588.jar
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/com\.squareup\.okhttp3/okhttp.*@.*$</packageUrl>
+      <cpe>cpe:/a:squareup:okhttp</cpe>
+      <cpe>cpe:/a:squareup:okhttp3</cpe>
+      <cve>CVE-2018-14335</cve>
+      <cve>CVE-2021-0341</cve>
+   </suppress>
+   <suppress>
+      <notes><![CDATA[
+      file name: sonar-scanner-api-2.16.2.588.jar
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
+      <cpe>cpe:/a:squareup:okio</cpe>
+      <cve>CVE-2023-3635</cve>
+   </suppress>
+
+</suppressions>