diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0dc547a4feba4..0a630125f7f29 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -48,6 +48,7 @@ fixes, documentation, examples... But first, read this page (including the small
* [Extensions](#extensions)
+ [Descriptions](#descriptions)
+ [Update dependencies to extensions](#update-dependencies-to-extensions)
+ + [Check security vulnerabilities](#check-security-vulnerabilities)
* [The small print](#the-small-print)
* [Frequently Asked Questions](#frequently-asked-questions)
@@ -694,6 +695,12 @@ were changed by the script.
When removing an extension make sure to also remove all dependencies to it from all `pom.xml`. It's easy to miss this as
long as the extension artifact is still present in your local Maven repository.
+### Check security vulnerabilities
+
+When adding a new extension or updating the dependencies of an existing one,
+it is recommended to run in the extension directory the [OWASP Dependency Check](https://jeremylong.github.io/DependencyCheck) with `mvn -Dowasp-check`
+so that known security vulnerabilities in the extension dependencies can be detected early.
+
## The small print
This project is an open source project, please act responsibly, be nice, polite and enjoy!
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index 2ff4c7496a5d0..ece649287c5ec 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -172,6 +172,7 @@
1.1.1
+ 7.4.4
@@ -719,6 +720,17 @@
+
+ org.owasp
+ dependency-check-maven
+ ${owasp-dependency-check-plugin.version}
+
+
+ false
+ false
+ false
+
+
@@ -1235,7 +1247,17 @@
-
+
+ owasp-check
+
+
+ owasp-check
+
+
+
+ dependency-check:check
+
+
Windows
diff --git a/docs/src/main/asciidoc/security-overview-concept.adoc b/docs/src/main/asciidoc/security-overview-concept.adoc
index 2af860fe09c56..e16ec5e6534e6 100644
--- a/docs/src/main/asciidoc/security-overview-concept.adoc
+++ b/docs/src/main/asciidoc/security-overview-concept.adoc
@@ -344,7 +344,7 @@ To add the OWASP Dependency check plugin to your Quarkus Maven project, add the
[IMPORTANT]
====
-Set the `owasp-dependency-check-plugin.version` value to `7.1.1` or later.
+Set the `owasp-dependency-check-plugin.version` value to `7.4.3` or later.
====
Next, configure the plugin as follows: