This is an automated email from the ASF dual-hosted git repository. stoty pushed a commit to branch 4.x in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/4.x by this push: new 5cbb813 PHOENIX-6065 Add OWASP dependency check, and update the flagged direct dependencies 5cbb813 is described below commit 5cbb8134033530322ff42f992ea254eb79be6445 Author: Istvan Toth <st...@apache.org> AuthorDate: Fri Aug 28 09:15:17 2020 +0200 PHOENIX-6065 Add OWASP dependency check, and update the flagged direct dependencies --- BUILDING.md | 8 ++++++++ pom.xml | 33 +++++++++++++++++++++++++++++++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/BUILDING.md b/BUILDING.md index 8a7d531..57116bd 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -89,6 +89,14 @@ generated at /target/site/jacoco/index.html To skip code coverage analysis `$ mvn verify -Dskip.code-coverage` +Running OWASP Dependency-Check +------------------------------ + +To run OWASP Dependency-Check (https://owasp.org/www-project-dependency-check/) +`$ mvn verify -DskipTests -Dowasp-check` + +The report is generated in target/dependency-check-report.html + Findbugs -------- diff --git a/pom.xml b/pom.xml index b98c498..4376310 100644 --- a/pom.xml +++ b/pom.xml @@ -153,8 +153,9 @@ <!-- JaCoCo thresholds which we can override in each sub-module if required --> <jacoco.instruction.coverage.percentage>0.700</jacoco.instruction.coverage.percentage> <jacoco.branch.coverage.percentage>0.600</jacoco.branch.coverage.percentage> - <curator.version>2.12.0</curator.version> + <curator.version>2.12.0</curator.version> + <maven-owasp-plugin.version>5.3.2</maven-owasp-plugin.version> </properties> <build> 
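Review bot: In the pom.xml properties hunk, `<curator.version>2.12.0</curator.version>` is removed and re-added with identical content, which reads as a whitespace-only change on a line unrelated to the OWASP work; dropping that `-`/`+` pair keeps the diff focused and the blame history for curator.version intact. The new `maven-owasp-plugin.version` property is only consumed by the owasp-dependency-check profile that this commit adds further down, so a short comment beside it would help readers of the properties block, e.g. `<!-- org.owasp:dependency-check-maven, used by the owasp-dependency-check profile -->`. The `<properties>` element this hunk edits starts outside the hunk.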
@@ -1248,7 +1249,35 @@
 </properties>
 </profile>
-
+ <profile>
+ <id>owasp-dependency-check</id>
+ <activation>
+ <property>
+ <name>owasp-check</name>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>aggregate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
 <profile>
 <id>codecoverage</id>