diff --git a/README.md b/README.md
index f045ac4..a1f6678 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
 [![codecov](https://codecov.io/gh/wenhao/jpa-spec/branch/master/graph/badge.svg)](https://codecov.io/gh/wenhao/jpa-spec)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fwenhao%2Fjpa-spec.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fwenhao%2Fjpa-spec?ref=badge_shield)
 [![codebeat badge](https://codebeat.co/badges/59fb555b-ff2e-4547-8c36-decc4b05616c)](https://codebeat.co/projects/github-com-wenhao-jpa-spec-master)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3052/badge)](https://bestpractices.coreinfrastructure.org/projects/3052)
 ![MIT](https://img.shields.io/badge/license-MIT-brightgreen)
 
 # jpa-spec
diff --git a/README_CN.md b/README_CN.md
index aae4cc4..f8fe4b5 100644
--- a/README_CN.md
+++ b/README_CN.md
@@ -2,6 +2,7 @@
 [![codecov](https://codecov.io/gh/wenhao/jpa-spec/branch/master/graph/badge.svg)](https://codecov.io/gh/wenhao/jpa-spec)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fwenhao%2Fjpa-spec.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fwenhao%2Fjpa-spec?ref=badge_shield)
 [![codebeat badge](https://codebeat.co/badges/59fb555b-ff2e-4547-8c36-decc4b05616c)](https://codebeat.co/projects/github-com-wenhao-jpa-spec-master)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3052/badge)](https://bestpractices.coreinfrastructure.org/projects/3052)
 ![MIT](https://img.shields.io/badge/license-MIT-brightgreen)
 
 # jpa-spec
diff --git a/build.gradle b/build.gradle
index ce48e53..5fcf085 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,7 +1,15 @@
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'org.owasp:dependency-check-gradle:5.2.1'
+    }
+}
 plugins {
     id 'com.gradle.build-scan' version '2.2.1'
     id "com.jfrog.bintray" version "1.8.4"
-    id "org.owasp.dependencycheck" version "5.0.0-M1"
+    id "org.owasp.dependencycheck" version "5.2.1"
     id 'com.github.kt3k.coveralls' version '2.7.1'
     id 'checkstyle'
     id 'java-library'
@@ -141,6 +149,7 @@ jacocoTestCoverageVerification {
 }
 
 check.dependsOn jacocoTestCoverageVerification
+check.dependsOn dependencyCheckAnalyze
 
 coveralls {
     jacocoReportPath 'build/reports/jacoco/jacocoTestReport/jacocoTestReport.xml'