diff --git a/.whitesource b/.whitesource new file mode 100644 index 00000000..e17b21d0 --- /dev/null +++ b/.whitesource @@ -0,0 +1,33 @@ +{ + "scanSettings": { + "configMode": "AUTO", + "configExternalURL": "", + "projectToken": "", + "enableIaC": true, + "enableLicenseViolations": true, + "baseBranches": ["JoshDevBranch", "master"] + }, + "scanSettingsSAST": { + "enableScan": true, + "scanPullRequests": true, + "incrementalScan": false, + "baseBranches": [], + "snippetSize": 10 + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "MEDIUM", + "issueType": "DEPENDENCY" + }, + "remediateSettings": { + "workflowRules": { + "enabled": true, + "extends": ["github>whitesource/merge-confidence:beta"] + } + } +} + diff --git a/pom.xml b/pom.xml index 48d4a6bc..5c28589e 100644 --- a/pom.xml +++ b/pom.xml @@ -7,6 +7,8 @@ easybuggy 1-SNAPSHOT war + + UTF-8 @@ -19,7 +21,7 @@ -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 - -XX:GCLogFileSize=10M + -XX:GCLogFileSize=10M @@ -56,13 +58,13 @@ javax.servlet javax.servlet-api - 3.0.1 + 4.0.1 provided javax.servlet.jsp jsp-api - 2.2 + 2.1 provided @@ -73,7 +75,7 @@ org.apache.derby derby - 10.8.3.0 + 10.16.1.2 javassist @@ -222,7 +224,7 @@ startup-uber-start - install + deploy exec diff --git a/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java b/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java index 75c1ebd9..056ddd29 100644 --- a/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java +++ b/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java @@ -1,3 +1,4 @@ +//testJosh - testing incremental scan package org.t246osslab.easybuggy.core.dao; import java.sql.Connection; diff --git a/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java b/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java index 68fb4735..9e93748e 100644 
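Review bot: `"baseBranches": ["JoshDevBranch", "master"]` in `scanSettings` lists what looks like a personal development branch next to `master`, so dependency scans and any remediation pull requests driven by `remediateSettings` will also be raised against that branch; unless it is a long-lived integration branch, trim it to `["master"]`. `"minSeverityLevel": "MEDIUM"` combined with `"issueType": "DEPENDENCY"` means LOW-severity dependency findings never become issues, which is a defensible choice but one that should be recorded in the project README since JSON leaves no room for a comment here. The Java files in this same commit carry `testing incremental scan` markers while `scanSettingsSAST.incrementalScan` is `false`, so it is unclear that this config exercises what the commit says it is testing. The `extends` entry `github>whitesource/merge-confidence:beta` pins a beta preset for the remediation workflow; confirm that is intended for the default branch.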
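Review bot: `jsp-api` is moved down from `2.2` to `2.1` in the same hunk that moves `javax.servlet-api` up from `3.0.1` to `4.0.1`, and those levels do not pair: JSP 2.1 belongs with Servlet 2.5, while Servlet 4.0 containers ship JSP 2.3. Both artifacts are `provided`, so this only changes what the code is compiled against, but a JSP relying on 2.2+ features would stop compiling and the compile-time API would no longer match the runtime container. If the intent is to line the API jars up with the target container, the jsp-api line should read `<version>2.3</version>` (or stay at `2.2` for a Servlet 3.0 container); the XML element names are stripped in this view, so the exact tags are inferred.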
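Review bot: The `startup-uber-start` hunk changes `install` to `deploy`, which by position appears to be the exec plugin's `<phase>` binding (tags are stripped here, so this is inferred); the `deploy` phase runs after `install` and additionally invokes the deploy plugin to upload the built artifact to a distribution repository, which a local startup profile should not trigger. If the goal is only to run the exec goal once the war is built, `<phase>install</phase>` (or `package`) is the safer binding. If a remote upload is really intended, the pom needs a `distributionManagement` section and the repository credentials must live in `settings.xml`, not in the repository.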
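Review bot: `//testJosh - testing incremental scan` is a throwaway marker placed above the `package` declaration and carries a personal name, so it should be dropped before merge rather than left in the DAO source where it will show up in every future blame. If a change is needed purely to provoke a scanner rerun, an empty commit or a note in the commit message is cleaner than committing text.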
--- a/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java +++ b/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java @@ -1,3 +1,4 @@ +//testJosh - testing incremental scan package org.t246osslab.easybuggy.core.dao; import org.apache.commons.lang.RandomStringUtils; diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java index 195f4491..d734493b 100644 --- a/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java @@ -24,6 +24,7 @@ public abstract class AbstractServlet extends HttpServlet { * Send an HTTP response to the client. * * @param req HTTP servlet request. + * TestJosh * @param res HTTP servlet response. * @param htmlTitle Title of HTML page. * @param htmlBody Body of HTML page. diff --git a/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java index a13ab18c..05826ec4 100644 --- a/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java @@ -1,3 +1,4 @@ +//testJosh package org.t246osslab.easybuggy.errors; import java.io.IOException; diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java index c64107a5..9a8ed629 100644 --- a/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java 
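Review bot: The inserted `* TestJosh` line sits between `@param req HTTP servlet request.` and `@param res HTTP servlet response.`, so Javadoc treats it as a continuation of the `req` description and the generated docs will read "HTTP servlet request. TestJosh". Remove the line; if a placeholder is genuinely needed it belongs outside the Javadoc block as a `// TODO(...)` comment, not inside a `@param` tag. The method this Javadoc documents is outside the hunk, so its signature is inferred only from the `@param` tags.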
@@ -6,6 +6,7 @@ import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpServletResponse; import org.t246osslab.easybuggy.core.servlets.AbstractServlet; diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java index 1a0f987a..affe466b 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java @@ -60,12 +60,16 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S private String selectUsers(String name, String password, HttpServletRequest req) { Connection conn = null; - Statement stmt = null; + PreparedStatement stmt = null; ResultSet rs = null; String result = getErrMsg("msg.error.user.not.exist", req.getLocale()); try { conn = DBClient.getConnection(); - stmt = conn.createStatement(); + /** stmt = conn.prepareStatement("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name + "SELECT name, secret FROM users WHERE ispublic = 'true' AND name=" + "?" + " AND password=" + "?"); + */ + stmt.setString(1, name); + stmt.setString(2, password); rs = stmt.executeQuery("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name + "' AND password='" + password + "'"); StringBuilder sb = new StringBuilder();
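Review bot: The added `import javax.servlet.http.HttpServletResponse;` duplicates the identical import on the line directly above it; javac tolerates a repeated single-type import of the same type, but it is dead text that Checkstyle and Error Prone will flag and it reads as a scan-trigger edit rather than a real change. Drop the added line so the import block stays one import per type.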