Adding OWASP Dependency Check job

[kramos]

Also: Adding test for Owasp Dependency Check job Fixing https://github.com/Accenture/adop-cartridge-java/issues/33 Improving .gitignore

This PR is dependent on the docker image created by this PR: https://github.com/Accenture/adop-jenkins/pull/25 being tagged and consumed by an updated: https://github.com/Accenture/adop-docker-compose/blob/master/docker-compose.yml

[anton-kasperovich]

Hi @kramos , excellent additional to the pipeline! I've found that "Publishes OWASP dependency check results" supported by JobDSL by default, so not need to make configure fallback block there, you can reduce source code there and make it more convenient.

[kramos]

Good find @anton-kasperovich I replaced the publisher XML with DSL and tested it.

Thanks for the tip on searching the DSL plugin source code for DSL support, e.g. https://github.com/jenkinsci/job-dsl-plugin/search?utf8=%E2%9C%93&q=dependencyCheck

[kramos]

Here is a PR for the Jenkins update: https://github.com/Accenture/adop-docker-compose/pull/178 :)

[kramos]

Tested this in a vanilla latest ADOP and

• the new OWASP_Dependency_Check job worked (currently finding some JavaScript as well as Java vulnerabilities)!
• all the other jobs worked
• all three environments worked (post being created and deployed to)

[subodh-hatkar]

OWASP_Dependency_Check job tested and working with and without setting threshold.

[deors]

is there any outstanding issue preventing us from merging this? it would be great to have in Java cartridge by default.