This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-pack.git
commit 0fb536c33c9abd47b39ead909087adf9be77af44 Author: Willem Jiang <[email protected]> AuthorDate: Fri Feb 25 17:36:29 2022 +0800 SCB-2368 Added the dependency check maven plugin
---
 pom.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/pom.xml b/pom.xml
index b64423c..f8ca805 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,6 +79,7 @@
 <hystrix.version>1.5.12</hystrix.version>
 <openfeign.version>9.5.1</openfeign.version>
 <mockito.version>2.23.4</mockito.version>
+ <dependency-check.version>6.5.3</dependency-check.version>
 </properties>
 <name>Apache ServiceComb Pack</name>
@@ -875,6 +876,36 @@
 <profiles>
 <profile>
+ <id>dependency-check</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check.version}</version>
+ <configuration>
+ <name>notifier-dependency-check</name>
+ <format>HTML</format>
+ <failBuildOnCVSS>9</failBuildOnCVSS>
+ <failOnError>false</failOnError>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipTestScope>true</skipTestScope>
+ <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
+ <skipArtifactType>pom</skipArtifactType>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>aggregate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
 <id>release</id>
 <modules>
 <module>demo</module>
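Review bot: In the new `dependency-check` profile, `<skipRuntimeScope>true</skipRuntimeScope>` takes runtime-scoped dependencies out of the scan even though those jars normally ship with the deployed services, so a vulnerable runtime-only library would go unreported; I would set `<skipRuntimeScope>false</skipRuntimeScope>`. In the same `<configuration>`, `<failOnError>false</failOnError>` lets the build succeed when the analysis itself errors out (for instance if the vulnerability data cannot be refreshed), so a green build does not prove a scan ran; `<failOnError>true</failOnError>` is the safer setting for a gate. `<failBuildOnCVSS>9</failBuildOnCVSS>` breaks the build only for critical scores, and if high-severity findings should also block, something like `<failBuildOnCVSS>7</failBuildOnCVSS>` would cover them. Since the plugin lives in a profile with no activation visible in this hunk, it presumably runs only when the profile is selected explicitly, which deserves a short XML comment above `<id>dependency-check</id>` stating how and where CI is expected to invoke it.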
