This is an automated email from the ASF dual-hosted git repository. benjobs pushed a commit to branch dependency-check-maven in repository https://gitbox.apache.org/repos/asf/streampark.git
commit 007b868cbdb8e60944994e279cee96e81597dc09 Author: benjobs <[email protected]> AuthorDate: Mon Jun 30 09:20:45 2025 +0800 [CI] remove dependency-check-maven plugin --- .github/workflows/owasp-dependency-check.yaml | 62 --------------------------- pom.xml | 23 ---------- 2 files changed, 85 deletions(-) diff --git a/.github/workflows/owasp-dependency-check.yaml b/.github/workflows/owasp-dependency-check.yaml deleted file mode 100644 index b24ce19c9..000000000 --- a/.github/workflows/owasp-dependency-check.yaml +++ /dev/null @@ -1,62 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: OWASP Dependency Check - -on: - push: - branches: - - dev - pull_request_target: - paths: - - '**/pom.xml' - -env: - MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 - -jobs: - build: - permissions: - contents: read - pull-requests: write - runs-on: ubuntu-latest - timeout-minutes: 120 - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Set up JDK 8 - uses: actions/setup-java@v4 - with: - java-version: 8 - distribution: 'adopt' - - name: Run OWASP Dependency Check - run: | - ./mvnw -B clean install dependency-check:check \ - -Dowasp.skip=false \ - -Dspotless.skip=true \ - -Drat.skip=true - env: - NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }} - - name: Upload report - uses: actions/upload-artifact@v4 - if: ${{ cancelled() || failure() }} - continue-on-error: true - with: - name: dependency report - path: target/dependency-check-report.html - retention-days: 3 diff --git a/pom.xml b/pom.xml index 804eb49a3..c1de29d32 100644 --- a/pom.xml +++ b/pom.xml @@ -137,7 +137,6 @@ <spotless.scalafmt.version>3.7.5</spotless.scalafmt.version> <maven-checkstyle-plugin.version>3.2.0</maven-checkstyle-plugin.version> <maven-scalastyle-plugin.version>1.0.0</maven-scalastyle-plugin.version> - <owasp-dependency-check-maven.version>10.0.2</owasp-dependency-check-maven.version> <build-helper-maven-plugin.version>3.3.0</build-helper-maven-plugin.version> <streampark.shaded.package>org.apache.streampark.shaded</streampark.shaded.package> <httpclient5.version>5.1</httpclient5.version> @@ -855,28 +854,6 @@ <version>${maven-deploy-plugin.version}</version> </plugin> - <plugin> - <!-- run via "mvn -DskipDependencyCheck=false org.owasp:dependency-check-maven:aggregate" --> - <groupId>org.owasp</groupId> - <artifactId>dependency-check-maven</artifactId> - <version>${owasp-dependency-check-maven.version}</version> - <configuration> - <skip>${owasp.skip}</skip> - <skipProvidedScope>true</skipProvidedScope> - <skipRuntimeScope>true</skipRuntimeScope> - <skipSystemScope>true</skipSystemScope> - <failBuildOnCVSS>7</failBuildOnCVSS> - <nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable> - </configuration> - <executions> - <execution> - <goals> - <goal>aggregate</goal> - </goals> - </execution> - </executions> - </plugin> - <!--mvn apache-rat:check--> <plugin> <groupId>org.apache.rat</groupId>
