Repository: mina-sshd Updated Branches: refs/heads/master 9715c34fd -> 5ac66a844
[SSHD-837] Added OWASP vulnerabilities Maven plugin check (as profile) Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/5ac66a84 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/5ac66a84 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/5ac66a84 Branch: refs/heads/master Commit: 5ac66a8442e71ab3b739d1ab2e488e18ab4be18c Parents: 9715c34 Author: Lyor Goldstein <[email protected]> Authored: Sun Aug 5 20:33:23 2018 +0300 Committer: Lyor Goldstein <[email protected]> Committed: Sun Aug 5 20:33:57 2018 +0300 ---------------------------------------------------------------------- pom.xml | 30 ++++++++++++++++++++++++++++++ sshd-owasp-suppressions.xml | 12 ++++++++++++ 2 files changed, 42 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/5ac66a84/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e9bb41a..fb2bde9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -156,6 +156,36 @@
 </build>
 </profile>
 <profile>
+ <!-- mvn -Powasp verify -->
+ <id>owasp</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>3.3.0</version>
+ <!-- see https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html -->
+ <configuration>
+ <!-- see https://github.com/jeremylong/DependencyCheck/issues/1394 -->
+ <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
+ <suppressionFiles>
+ <suppressionFile>${workspace.root.dir}${file.separator}sshd-owasp-suppressions.xml</suppressionFile>
+ </suppressionFiles>
+ </configuration>
+ <executions>
+ <execution>
+ <id>run-owasp-dependency-check</id>
+ <!-- Note: phase must be AFTER detection of workspace root dir -->
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
 <id>javac-errorprone</id>
 <build>
 <plugins>
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/5ac66a84/sshd-owasp-suppressions.xml ----------------------------------------------------------------------
diff --git a/sshd-owasp-suppressions.xml b/sshd-owasp-suppressions.xml
new file mode 100644
index 0000000..6f6078b
--- /dev/null
+++ b/sshd-owasp-suppressions.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+ <suppress>
+ <notes>
+ <![CDATA[
+ file name: tomcat-apr-5.5.23.jar
+ ]]>
+ </notes>
+ <gav regex="true">^tomcat:tomcat-apr:.*$</gav>
+ <cpe>cpe:/a:apache:tomcat</cpe>
+ </suppress>
+</suppressions>
\ No newline at end of file
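Review bot: The `run-owasp-dependency-check` execution in the pom.xml hunk carries the comment that its phase must come AFTER detection of the workspace root dir, yet it declares no `<phase>` and so depends on the `check` goal's default binding; pinning it with `<phase>verify</phase>` next to the `<id>` makes the ordering the comment relies on explicit in the POM rather than implied. The `<configuration>` also sets no `failBuildOnCVSS`, and as far as I recall the plugin's default threshold is chosen so that the build never fails on findings, which would make this profile report-only even though the leading comment `<!-- mvn -Powasp verify -->` reads as a gate; if the intent is to fail on known-vulnerable dependencies, choose a threshold deliberately (e.g. `<failBuildOnCVSS>7</failBuildOnCVSS>`), otherwise the comment should say the run only produces a report. `${workspace.root.dir}` is defined outside this hunk, so whether it is resolved before the plugin configuration is evaluated cannot be confirmed from here.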
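Review bot: The `<notes>` of the single `<suppress>` entry in sshd-owasp-suppressions.xml records only the jar name, not why the `cpe:/a:apache:tomcat` match on `tomcat-apr` is treated as a false positive, so a later maintainer cannot tell whether the suppression is still justified or which dependency drags tomcat-apr in; extend the CDATA text to something like `file name: tomcat-apr-5.5.23.jar` followed by `reason: <why the apache:tomcat CPE does not apply to this artifact — to be filled in>`. The `<gav regex="true">^tomcat:tomcat-apr:.*$</gav>` pattern suppresses every tomcat CVE for every version of the artifact; pinning the version in the regex, or adding an `until` date on `<suppress>` (supported by the 1.1 suppression schema declared on the root), would force the entry to be revisited instead of silently outliving its justification. The file also ends without a trailing newline.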
