This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev by this push:
     new cc8f336ae [Improve] Support dependency-check-maven plugin (#2667)
cc8f336ae is described below

commit cc8f336ae9d9a327ea8f2c994da242f926e95f3d
Author: zhoulii <[email protected]>
AuthorDate: Sun Apr 30 18:51:04 2023 +0800

    [Improve] Support dependency-check-maven plugin (#2667)
    
    Co-authored-by: zhoulii <[email protected]>
---
 pom.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/pom.xml b/pom.xml
index 578d4cacd..8c9ae5eac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,6 +132,7 @@
         <maven-spotless-plugin.version>2.27.2</maven-spotless-plugin.version>
         <spotless.scalafmt.version>3.4.3</spotless.scalafmt.version>
         
<maven-checkstyle-plugin.version>3.2.0</maven-checkstyle-plugin.version>
+        
<owasp-dependency-check-maven.version>8.2.1</owasp-dependency-check-maven.version>
         
<build-helper-maven-plugin.version>3.3.0</build-helper-maven-plugin.version>
         
<streampark.shaded.package>org.apache.streampark.shaded</streampark.shaded.package>
         
<flink.table.uber.artifact.id>flink-table-uber_${scala.binary.version}</flink.table.uber.artifact.id>
@@ -145,6 +146,7 @@
         <MaxPermGen>512m</MaxPermGen>
         <CodeCacheSize>512m</CodeCacheSize>
         <MaxMetaspace>512m</MaxMetaspace>
+        <skipDependencyCheck>true</skipDependencyCheck>
     </properties>
 
     <dependencyManagement>
@@ -718,6 +720,26 @@
                     <artifactId>maven-deploy-plugin</artifactId>
                     <version>${maven-deploy-plugin.version}</version>
                 </plugin>
+
+                <plugin>
+                    <!-- run via "mvn -Pscala-2.12 -DskipDependencyCheck=false 
org.owasp:dependency-check-maven:aggregate" -->
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>${owasp-dependency-check-maven.version}</version>
+                    <configuration>
+                        <skip>${skipDependencyCheck}</skip>
+                        <format>ALL</format>
+                        <skipProvidedScope>true</skipProvidedScope>
+                        <skipSystemScope>true</skipSystemScope>
+                    </configuration>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>aggregate</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
             </plugins>
         </pluginManagement>
 
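Review bot: Nothing in the new `<configuration>` sets `failBuildOnCVSS`, so even when the scan is switched on it only writes reports and, as far as the plugin defaults go, never fails the build. Together with `skipDependencyCheck` defaulting to `true` in the properties hunk above, the check is opt-in and advisory only. If it is meant to act as a gate, add a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (value constructed here, pick it per project policy) and run it with `-DskipDependencyCheck=false` in a scheduled CI job. `<skipProvidedScope>true</skipProvidedScope>` also leaves provided-scope artifacts out of the report; if those jars are on the classpath in real deployments, a short comment should say that they are not covered by this scan.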
@@ -746,6 +768,11 @@
                 <groupId>com.diffplug.spotless</groupId>
                 <artifactId>spotless-maven-plugin</artifactId>
             </plugin>
+
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+            </plugin>
         </plugins>
 
     </build>
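Review bot: Declaring the plugin in the root `<build><plugins>` lets every child module inherit the `aggregate` execution defined in pluginManagement. Once `-DskipDependencyCheck=false` is passed to an ordinary lifecycle build, the aggregate scan may therefore be repeated per module instead of running once at the root. If a single root-level run is intended, add `<inherited>false</inherited>` to this `<plugin>` entry, or drop the lifecycle binding and rely on the direct `org.owasp:dependency-check-maven:aggregate` invocation named in the pluginManagement comment. The module layout is outside this hunk, so confirm against the actual reactor.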
