This is an automated email from the ASF dual-hosted git repository. dahn pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/master by this push: new 2d63ed5 CLOUDSTACK-10271 maven plugin for owasp dependency check added (#2446) 2d63ed5 is described below commit 2d63ed5c243bd0732077c0e5485021b2be274aa7 Author: dahn <daan.hoogl...@shapeblue.com> AuthorDate: Mon Mar 9 12:32:35 2020 +0100 CLOUDSTACK-10271 maven plugin for owasp dependency check added (#2446) Co-authored-by: Daan Hoogland <d...@onecht.net>
---
 pom.xml | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 3006dd7..e1d9de6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,11 +67,13 @@ <cs.jar-plugin.version>3.2.0</cs.jar-plugin.version> <cs.pmd-plugin.version>3.12.0</cs.pmd-plugin.version> <cs.project-info-plugin.version>3.0.0</cs.project-info-plugin.version> + <cs.owasp.dependency-checker-plugin.version>3.1.1</cs.owasp.dependency-checker-plugin.version> <cs.release-plugin.version>2.5.3</cs.release-plugin.version> <cs.resources-plugin.version>3.1.0</cs.resources-plugin.version> <cs.site-plugin.version>3.8.2</cs.site-plugin.version> <cs.surefire-plugin.version>2.22.2</cs.surefire-plugin.version> + <!-- Logging versions --> <cs.log4j.version>1.2.17</cs.log4j.version> <cs.log4j.extras.version>1.2.17</cs.log4j.extras.version>
@@ -154,6 +156,7 @@
 <cs.neethi.version>2.0.4</cs.neethi.version>
 <cs.nitro.version>10.1</cs.nitro.version>
 <cs.opensaml.version>2.6.4</cs.opensaml.version>
+ <cs.owasp.esapi.version>2.1.0.1</cs.owasp.esapi.version>
 <cs.rados-java.version>0.5.0</cs.rados-java.version>
 <cs.reflections.version>0.9.12</cs.reflections.version>
 <cs.servicemix.version>3.3.3_1</cs.servicemix.version>
@@ -584,7 +587,7 @@
 <dependency>
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>${cs.owasp.esapi.version}</version>
 </dependency>
 <!-- Test dependency in mysql for db tests -->
 <dependency>
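Review bot: The value `3.1.1` pinned for `cs.owasp.dependency-checker-plugin.version` in the `@@ -67,11 +67,13 @@` hunk appears to be well behind the plugin's release line at the date of this commit. A scanner that cannot refresh its vulnerability database, or that lacks newer analyzers, produces a clean-looking report that says little about the real dependency set. It is worth confirming in CI that this version still completes its database update, and raising the property to a current release if it does not.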
@@ -731,6 +734,22 @@
 </execution>
 </executions>
 </plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${cs.owasp.dependency-checker-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
 </plugins>
 <pluginManagement>
 <plugins>
@@ -1137,6 +1156,18 @@
 <reporting>
 <plugins>
 <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${cs.owasp.dependency-checker-plugin.version}</version>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ <plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>findbugs-maven-plugin</artifactId>
 <version>${cs.findbugs-plugin.version}</version>
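Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the new `dependency-check-maven` configuration leaves runtime-scoped dependencies out of the scan. Those artifacts are normally packaged and deployed with the product, so a known-vulnerable library in that scope would go unreported; keeping only `<skipProvidedScope>true</skipProvidedScope>` is the narrower exclusion. The execution also sets no `failBuildOnCVSS`, and as far as I know the plugin's default threshold lies above the CVSS maximum, so `check` only writes a report and never gates the build. If that is intended, say so with a comment such as `<!-- report-only: findings do not fail the build -->`; otherwise add a threshold, e.g. `<failBuildOnCVSS>7</failBuildOnCVSS>`. With no `<phase>` or profile around it, the plugin presumably runs in every module on each build that reaches the goal's default phase, and it needs network access to refresh vulnerability data.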
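Review bot: The `dependency-check-maven` entry added under `<reporting>` has no `<configuration>`. As I understand Maven's reporting rules, a site run does not read the configuration declared for the same plugin under `<build><plugins>`. The `aggregate` report would therefore scan with the plugin's default scopes while the `check` execution skips provided and runtime scope, and the two outputs can disagree. Declaring the plugin once in the existing `<pluginManagement>` section, with the version and the shared scope settings, keeps both uses aligned and removes the duplicated `<version>` line. The enclosing `<reporting>` block continues past the end of this hunk.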