Author: knoguchi
Date: Fri Jan 10 22:06:10 2020
New Revision: 1872609

URL: http://svn.apache.org/viewvc?rev=1872609&view=rev
Log:
PIG-5352: Please add OWASP Dependency Check to the build ivy.xml (knoguchi)

Modified:
    pig/trunk/CHANGES.txt
    pig/trunk/build.xml
    pig/trunk/ivy.xml
    pig/trunk/ivy/libraries.properties

Modified: pig/trunk/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/pig/trunk/CHANGES.txt?rev=1872609&r1=1872608&r2=1872609&view=diff
==============================================================================
--- pig/trunk/CHANGES.txt (original)
+++ pig/trunk/CHANGES.txt Fri Jan 10 22:06:10 2020
@@ -26,6 +26,8 @@ PIG-5282: Upgade to Java 8 (satishsaley
  
 IMPROVEMENTS
 
+PIG-5352: Please add OWASP Dependency Check to the build ivy.xml (knoguchi)
+
 PIG-5385: Skip calling extra gc() before spilling large bag when unnecessary 
(knoguchi)
 
 PIG-5389: Passing null to REPLACE udf preventing JIT optimization (knoguchi)

Modified: pig/trunk/build.xml
URL: 
http://svn.apache.org/viewvc/pig/trunk/build.xml?rev=1872609&r1=1872608&r2=1872609&view=diff
==============================================================================
--- pig/trunk/build.xml (original)
+++ pig/trunk/build.xml Fri Jan 10 22:06:10 2020
@@ -268,6 +268,7 @@
     <property name="ivy.lib.dir.spark" location="${ivy.lib.dir}/spark" />
     <property name="build.ivy.report.dir" location="${build.ivy.dir}/report" />
     <property name="build.ivy.maven.dir" location="${build.ivy.dir}/maven" />
+    <property name="build.ivy.owasp.dir" location="${build.ivy.dir}/owasp" />
     <property name="pom.xml" location="${build.ivy.maven.dir}/pom.xml"/>
     <property name="build.ivy.maven.pom" 
location="${build.ivy.maven.dir}/pig-${version}.pom" />
     <property name="build.ivy.maven.jar" 
location="${build.ivy.maven.dir}/pig-${version}-core.jar" />
@@ -1461,6 +1462,21 @@
     <!-- Perform audit activities for the release                           -->
     <!-- ================================================================== -->
 
+    <target name="owasp" depends="ivy-owasp,ivy-compile" description="OWASP 
dependency check">
+        <typedef format="properties" 
resource="dependency-check-taskdefs.properties" 
uri="antlib:org.owasp.dependencycheck.anttasks" classpathref="owasp-classpath"/>
+        <owasp:dependency-check 
xmlns:owasp="antlib:org.owasp.dependencycheck.anttasks"
+                          projectname="Pig"
+                          reportoutputdirectory="${build.dir}/owasp"
+                          reportformat="ALL"
+                          failBuildOnCVSS="0">
+
+            <fileset dir="${ivy.lib.dir}">
+                <include name="**/*.jar"/>
+            </fileset>
+
+        </owasp:dependency-check>
+    </target>
+
     <target name="releaseaudit" depends="ivy-releaseaudit" 
description="generate a release audit report">
         <get 
src="${mvnrepo}/org/apache/rat/apache-rat/${apacherat.version}/apache-rat-${apacherat.version}.jar"
              dest="${basedir}/build/apache-rat-${apacherat.version}.jar"
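Review bot: `failBuildOnCVSS="0"` on the new `owasp:dependency-check` call fails the target on any reported CVE, and the task names no suppression file, so a false-positive match on a jar under `${ivy.lib.dir}` cannot be cleared without raising the threshold for every finding. Consider adding `suppressionFile="${basedir}/PLACEHOLDER-suppressions.xml"` (placeholder path) so that triaged findings are recorded in the repository and the zero threshold stays meaningful. The task presumably refreshes its vulnerability data over the network on each run, which deserves a one-line comment above the target for people building offline or behind a proxy. The `releaseaudit` target that follows continues outside the hunk.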
@@ -1759,6 +1775,12 @@
        <ivy:cachepath pathid="jdiff.classpath" conf="jdiff"/>
      </target>
 
+     <target name="ivy-owasp" depends="ivy-resolve" description="Retrieve 
Ivy-managed artifacts for owasp configuration">
+        <ivy:retrieve settingsRef="${ant.project.name}.ivy.settings" 
log="${loglevel}"
+                      
pattern="${build.ivy.owasp.dir}/${ivy.artifact.retrieve.pattern}" conf="owasp"/>
+        <ivy:cachepath pathid="owasp-classpath" conf="owasp"/>
+    </target>
+
      <target name="ivy-clean-cache" depends="ivy-init-antlib"
              description="Clean the Ivy cache">
          <ivy:cleancache />
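Review bot: The `ivy:retrieve` into `${build.ivy.owasp.dir}` in `ivy-owasp` looks unused, because the `typedef` in the `owasp` target loads the task from `owasp-classpath`, which `ivy:cachepath` builds from the Ivy cache rather than from the retrieved copy. Either drop the retrieve (and the `build.ivy.owasp.dir` property added earlier in build.xml), or build the classpath from the retrieved directory so that the jars the scanner runs from can be inspected in one place. A short comment such as `<!-- dependency-check tool jars only; not part of any Pig runtime classpath -->` would also help. As a point of style, the opening `<target` is indented five spaces and its `</target>` four. The `ivy-clean-cache` target after it continues outside the hunk.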

Modified: pig/trunk/ivy.xml
URL: 
http://svn.apache.org/viewvc/pig/trunk/ivy.xml?rev=1872609&r1=1872608&r2=1872609&view=diff
==============================================================================
--- pig/trunk/ivy.xml (original)
+++ pig/trunk/ivy.xml Fri Jan 10 22:06:10 2020
@@ -43,6 +43,7 @@
     <conf name="hbase2" visibility="private"/>
     <conf name="spark1" visibility="private" />
     <conf name="spark2" visibility="private" />
+    <conf name="owasp" visibility="private" description="Artifacts required 
for owasp target"/>
   </configurations>
   <publications>
     <artifact name="pig" conf="master"/>
@@ -614,6 +615,9 @@
       conf="hadoop2->master"/>
     <dependency org="org.apache.curator" name="curator-client" 
rev="${curator.version}"
       conf="hadoop2->master"/>
+    <!-- For dependency check -->
+    <dependency org="org.owasp" name="dependency-check-ant"
+                rev="${dependency-check-ant.version}" conf="owasp->default"/>
   </dependencies>
 </ivy-module>
 

Modified: pig/trunk/ivy/libraries.properties
URL: 
http://svn.apache.org/viewvc/pig/trunk/ivy/libraries.properties?rev=1872609&r1=1872608&r2=1872609&view=diff
==============================================================================
--- pig/trunk/ivy/libraries.properties (original)
+++ pig/trunk/ivy/libraries.properties Fri Jan 10 22:06:10 2020
@@ -97,4 +97,5 @@ htrace4.version=4.0.1-incubating
 commons-lang3.version=3.6
 scala-xml.version=1.0.5
 glassfish.el.version=3.0.1-b08
-roaring-bitmap-shaded.version=0.7.14
\ No newline at end of file
+roaring-bitmap-shaded.version=0.7.14
+dependency-check-ant.version=5.2.4

