add project URL evidence from pom

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -565,6 +565,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             addMatchingValues(classes, trimmedDescription, dependency.getVendorEvidence());
             addMatchingValues(classes, trimmedDescription, dependency.getProductEvidence());
         }
+        
+        String projectURL = pom.getProjectURL();
+        if(projectURL != null && !projectURL.trim().isEmpty()) {
+            dependency.getVersionEvidence().addEvidence("pom", "url", projectURL, Confidence.HIGHEST);
+        }
 
         extractLicense(pom, dependency);
         return foundSomething;

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java

@@ -260,6 +260,29 @@ public class Model {
     public void addLicense(License license) {
         licenses.add(license);
     }
+    
+    /**
+     * The project URL.
+     */
+    private String projectURL;
+
+    /**
+     * Get the value of projectURL.
+     *
+     * @return the value of projectURL
+     */
+    public String getProjectURL() {
+		return projectURL;
+	}
+
+    /**
+     * Set the value of projectURL.
+     *
+     * @param parentVersion new value of projectURL
+     */
+	public void setProjectURL(String projectURL) {
+		this.projectURL = projectURL;
+	}
 
     /**
      * Process the Maven properties file and interpolate all properties.
@@ -276,11 +299,11 @@ public class Model {
             l.setUrl(interpolateString(l.getUrl(), properties));
         }
         this.name = interpolateString(this.name, properties);
+        this.projectURL = interpolateString(this.projectURL, properties);
         this.organization = interpolateString(this.organization, properties);
         this.parentGroupId = interpolateString(this.parentGroupId, properties);
         this.parentArtifactId = interpolateString(this.parentArtifactId, properties);
         this.parentVersion = interpolateString(this.parentVersion, properties);
-
     }
 
     /**
@@ -317,7 +340,7 @@ public class Model {
         return substitutor.replace(text);
     }
 
-    /**
+	/**
      * Utility class that can provide values from a Properties object to a StrSubstitutor.
      */
     private static class PropertyLookup extends StrLookup {

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java

@@ -145,6 +145,8 @@ public class PomHandler extends DefaultHandler {
                 model.setOrganization(currentText.toString());
             } else if (DESCRIPTION.equals(qName)) {
                 model.setDescription(currentText.toString());
+            } else if (URL.equals(qName)) {
+                model.setProjectURL(currentText.toString());
             }
         } else if (PARENT.equals(parentNode)) {
             if (GROUPID.equals(qName)) {