Add OWASP dependency-check Maven profile

Adds an 'owasp' profile with dependency-check-maven plugin (v12.1.0)
for local vulnerability scanning. Run with: mvn verify -Powasp
Fails build on CVSS >= 7.0.

Author: Mark Pollack

pom.xml

@@ -292,6 +292,29 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>owasp</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <version>12.1.0</version>
+                        <configuration>
+                            <failBuildOnCVSS>7.0</failBuildOnCVSS>
+                            <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 
     <distributionManagement>