pipeline {
    agent any

    stages {
        stage('Security Scan') {
            steps {
                // Run OWASP Dependency Check
                // 'depcheck' matches the tool name configured in Jenkins Global Tool Configuration
                dependencyCheck additionalArguments: '--scan ./ --format ALL', odcInstallation: 'depcheck'
            }
        }
    }

    post {
        always {
            // Publish the results
            dependencyCheckPublisher pattern: 'dependency-check-report.xml'
            
            // Archive the reports so they can be viewed in Jenkins UI
            archiveArtifacts allowEmptyArchive: true, artifacts: 'dependency-check-report.html'
        }
    }
}