Configure OWASP scan with dependency check plugin in Jenkins pipeline project

  1. Make sure the OWASP Dependency-Check plugin is installed in Jenkins; it provides the dependencyCheckPublisher step used in the pipeline below.
  2. Install the dependency-check command-line tool with the Ansible role below (I have used it on both the Jenkins master and the slaves). The role downloads the release zip, unpacks it so that the dependency-check.sh launcher ends up under /opt/dependency-check, and hands the directory to the jenkins user. That last step matters: by default the tool keeps its copy of the NVD vulnerability database under its install directory and refreshes it on every run, so the scanning user needs write access there. Two caveats for anyone reusing the role: the download is not verified, so pin the archive's SHA-256 with get_url's checksum parameter (otherwise a compromised or redirected download host hands you an arbitrary scanner that then runs as jenkins on every build), and the Bintray host used here was shut down in 2021, so point the URL at the dependency-check-<version>-release.zip asset on the project's GitHub Releases page and raise dependency_check_version to a current release.
    roles/owasp-check-install/defaults/main.yml:
    ---
    dependency_check_version: 5.1.1
    roles/owasp-check-install/tasks/main.yml:
    ---
    # Start from a clean directory so files from an older release cannot linger.
    - name: Delete previously unpacked /opt/dependency-check
      file:
        path: /opt/dependency-check
        state: absent
      become: yes

    - name: "Download dependency-check-{{ dependency_check_version }}-release.zip"
      get_url:
        url: "https://dl.bintray.com/jeremy-long/owasp/dependency-check-{{ dependency_check_version }}-release.zip"
        dest: /opt/dc.zip
        # Pin the digest of the release so a tampered archive is rejected, e.g.
        # checksum: "sha256:<digest published for this release>"
      become: yes

    # The zip carries a top-level dependency-check/ directory, so extracting
    # into /opt yields /opt/dependency-check.
    - name: Extract dc.zip into /opt/dependency-check
      unarchive:
        src: /opt/dc.zip
        dest: /opt
        remote_src: yes
      become: yes

    # The scanner runs as jenkins and writes its NVD data under the install
    # directory, hence the ownership change.
    - name: Recursively change ownership of a directory /opt/dependency-check
      file:
        path: /opt/dependency-check
        state: directory
        recurse: yes
        owner: jenkins
        group: jenkins
      become: yes
  3. Modify the Jenkins pipeline. I used direct invocation of the shell script, because calling the plugin's scan step gave me a NullPointerException in Jenkins. Add a new stage for the scan: the sh step runs the scanner over the checked-out workspace and writes HTML and XML reports into the workspace root, dependencyCheckPublisher picks up the XML for the Jenkins report view, and the HTML is archived for people to read. Note that as written the stage never fails the build on findings: the scanner's exit status reflects scan errors only, unless you pass --failOnCVSS <score>, which makes it exit non-zero when any finding scores at or above that threshold. If you add such a gate, drop onlyIfSuccessful from archiveArtifacts, otherwise the HTML report that explains the failure is not kept.
        stage("Dependency Check") {
            steps {
                // Scan the checked-out workspace; reports land in the workspace root.
                sh '''
                /opt/dependency-check/bin/dependency-check.sh --out . -s $WORKSPACE --project test -f HTML -f XML
                '''
                // Publish the XML report to the Jenkins Dependency-Check view.
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
                // Keep the human-readable HTML report with the build.
                archiveArtifacts allowEmptyArchive: true, artifacts: '**/dependency-check-report.html', onlyIfSuccessful: true
            }
        }
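The stage above publishes the report but never stops the build on what it finds. The script below is an added example, not code from the original page or from the Dependency-Check project: a small POSIX shell gate that reads the dependency-check-report.xml the pipeline already produces and returns non-zero when any finding's CVSS v3 base score reaches a threshold, so it can be called from a further sh step. It assumes the report stores each score as a baseScore element inside cvssV3; the sample report it writes for the demo is constructed with placeholder CVE ids and is not a real scan result.

```shell
#!/bin/sh
# Added example (not from the original page or the Dependency-Check project):
# a post-scan gate over the dependency-check XML report. Returns 1 when any
# finding's CVSS v3 base score is at or above the threshold, 2 when the
# report is missing, 0 otherwise.
#
# Assumption: scores appear as <cvssV3><baseScore>N</baseScore></cvssV3>.
# The sample report below is constructed, with placeholder CVE ids.

# Write a constructed sample report to the given path.
write_sample_report() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<analysis>
  <dependencies>
    <dependency>
      <fileName>example-lib-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability source="NVD">
          <name>CVE-0000-0001</name>
          <cvssV3><baseScore>9.8</baseScore><baseSeverity>CRITICAL</baseSeverity></cvssV3>
        </vulnerability>
        <vulnerability source="NVD">
          <name>CVE-0000-0002</name>
          <cvssV3><baseScore>4.3</baseScore><baseSeverity>MEDIUM</baseSeverity></cvssV3>
        </vulnerability>
      </vulnerabilities>
    </dependency>
  </dependencies>
</analysis>
EOF
}

# Emit one CVSS v3 base score per line (nothing when the report has none).
scores() {
  grep -o '<baseScore>[0-9.]*</baseScore>' "$1" | sed 's/<[^>]*>//g'
}

# Highest score in the report, or 0 when there are no findings.
max_cvss() {
  scores "$1" | awk 'BEGIN { m = 0 } $1 > m { m = $1 } END { print m }'
}

# Number of findings scoring at or above the threshold given as $2.
count_at_or_above() {
  scores "$1" | awk -v t="$2" '$1 >= t { n++ } END { print n + 0 }'
}

# Gate: a missing report is a failure too, so a broken scan cannot pass silently.
gate() {
  report=$1
  threshold=$2
  if [ ! -r "$report" ]; then
    echo "FAIL: no readable report at $report" >&2
    return 2
  fi
  n=$(count_at_or_above "$report" "$threshold")
  if [ "$n" -gt 0 ]; then
    echo "FAIL: $n finding(s) with CVSS >= $threshold (highest $(max_cvss "$report")) in $report" >&2
    return 1
  fi
  echo "OK: no findings with CVSS >= $threshold in $report"
  return 0
}

# Stand-alone use: sh dc-gate.sh dependency-check-report.xml 7
# Without arguments, demonstrate on the constructed sample (expected: FAIL).
if [ $# -ge 1 ]; then
  gate "$1" "${2:-7}"
  exit $?
else
  demo=$(mktemp)
  write_sample_report "$demo"
  gate "$demo" 7 || true
  rm -f "$demo"
fi
```

In the pipeline this would be a second sh step after the scan, for example `sh 'sh dc-gate.sh dependency-check-report.xml 7'`; because a non-zero exit fails the sh step, the stage fails and Jenkins marks the build accordingly, so archiveArtifacts should run without onlyIfSuccessful so the HTML report survives. If you only need the threshold and not the counts, the scanner's own --failOnCVSS option does the same job at scan time without a second step.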