diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0dc547a4feba4..7c68e54681b96 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -48,6 +48,7 @@ fixes, documentation, examples... But first, read this page (including the small
* [Extensions](#extensions)
+ [Descriptions](#descriptions)
+ [Update dependencies to extensions](#update-dependencies-to-extensions)
+ + [Run dependency check](#run-dependency-check)
* [The small print](#the-small-print)
* [Frequently Asked Questions](#frequently-asked-questions)
@@ -694,6 +695,10 @@ were changed by the script.
When removing an extension make sure to also remove all dependencies to it from all `pom.xml`. It's easy to miss this as
long as the extension artifact is still present in your local Maven repository.
+### Run dependency check
+
+When adding a new extension or updating the existing one it is recommended to run [OWASP Dependency Check](https://jeremylong.github.io/DependencyCheck) with `mvn -Pdependency-check` so that known security vulnerabilities can be detected early.
+
## The small print
This project is an open source project, please act responsibly, be nice, polite and enjoy!
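Review bot: The sentence added under `### Run dependency check` gives the command `mvn -Pdependency-check` but does not say where to run it (repository root or the extension's own module), where the report ends up, or what a contributor is expected to do when a vulnerability is reported. Suggest adding one sentence for each, since "recommended to run" without a follow-up step tends to be skipped. Wording nit in the same sentence: "updating the existing one" should read "updating an existing one".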
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index 2ff4c7496a5d0..3a90a55cb4533 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -172,6 +172,7 @@
1.1.1
+ 7.4.3
@@ -719,6 +720,18 @@
+
+ org.owasp
+ dependency-check-maven
+ ${owasp-dependency-check-plugin.version}
+
+
+
+ check
+
+
+
+
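Review bot: The plugin block added here shows only the `org.owasp` / `dependency-check-maven` coordinates, `${owasp-dependency-check-plugin.version}` and the `check` goal, with no configuration. With the plugin defaults the scan produces a report but never fails the build, and there is no agreed place to record triaged false positives. Consider setting a `failBuildOnCVSS` threshold and pointing `suppressionFiles` at a checked-in suppression file, so that two contributors running the profile on the same commit get the same outcome.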
@@ -1235,7 +1248,17 @@
-
+
+ dependency-check
+
+
+ dependency-check
+
+
+
+ dependency-check:check
+
+
Windows
diff --git a/docs/src/main/asciidoc/security-overview-concept.adoc b/docs/src/main/asciidoc/security-overview-concept.adoc
index 2af860fe09c56..e16ec5e6534e6 100644
--- a/docs/src/main/asciidoc/security-overview-concept.adoc
+++ b/docs/src/main/asciidoc/security-overview-concept.adoc
@@ -344,7 +344,7 @@ To add the OWASP Dependency check plugin to your Quarkus Maven project, add the
[IMPORTANT]
====
-Set the `owasp-dependency-check-plugin.version` value to `7.1.1` or later.
+Set the `owasp-dependency-check-plugin.version` value to `7.4.3` or later.
====
Next, configure the plugin as follows:
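Review bot: The changed line `Set the owasp-dependency-check-plugin.version value to 7.4.3 or later` is now a second hard-coded copy of the `7.4.3` added in build-parent/pom.xml, so the two will drift at the next plugin bump, as the `7.1.1` being replaced here suggests already happened. Suggest sourcing the number from a shared document attribute, or at minimum adding a comment next to the pom property saying that security-overview-concept.adoc has to be updated with it.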