Repository: tez Updated Branches: refs/heads/master 22e2a2179 -> 64c04f112
TEZ-3975. Add OWASP Dependency Check to the build Signed-off-by: Jason Lowe <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/tez/repo Commit: http://git-wip-us.apache.org/repos/asf/tez/commit/64c04f11 Tree: http://git-wip-us.apache.org/repos/asf/tez/tree/64c04f11 Diff: http://git-wip-us.apache.org/repos/asf/tez/diff/64c04f11 Branch: refs/heads/master Commit: 64c04f1121ef1d04118e36b0e4fc3808205a50a8 Parents: 22e2a21 Author: Jonathan Eagles <[email protected]> Authored: Wed Sep 26 13:48:48 2018 -0700 Committer: Jason Lowe <[email protected]> Committed: Wed Sep 26 13:48:48 2018 -0700 ---------------------------------------------------------------------- pom.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tez/blob/64c04f11/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 8add2e0..8bce5dd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@
 <findbugs-maven-plugin.version>3.0.1</findbugs-maven-plugin.version>
 <javadoc-maven-plugin.version>2.10.4</javadoc-maven-plugin.version>
 <shade-maven-plugin.version>2.4.3</shade-maven-plugin.version>
+ <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
 </properties>
 <scm>
 <connection>${scm.url}</connection>
@@ -906,6 +907,11 @@
 </configuration>
 </plugin>
 <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
+ <plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>findbugs-maven-plugin</artifactId>
 <version>${findbugs-maven-plugin.version}</version>
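Review bot: The added `dependency-check-maven.version` property in the first hunk pins the scanner at 1.3.6 with no note on why that release was chosen or how it is kept current. For a vulnerability scanner the plugin release decides which analyzers and vulnerability-data formats are supported, so a stale pin can reduce coverage without any visible failure; 1.3.6 looks well behind the releases available at the commit date, though that should be confirmed against the plugin's release history. Consider a comment beside the property such as `<!-- scanner coverage depends on this release; review when updating dependencies -->`.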
@@ -1065,6 +1071,17 @@
 <excludeFilterFile>${basedir}/findbugs-exclude.xml</excludeFilterFile>
 </configuration>
 </plugin>
+ <plugin>
+ <!-- OWASP's dependency-check plugin will scan the third party
+ dependencies of this project for known CVEs (security
+ vulnerabilities against them). It will produce a report
+ in target/dependency-check-report.html. To invoke, run
+ 'mvn dependency-check:aggregate'
+ -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
 </plugins>
 </build>
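Review bot: The `<plugin>` added under `<plugins>` has no `<executions>` and no `<configuration>`, so the scan runs only when someone types `mvn dependency-check:aggregate` and a finding never fails a build. If the goal is to catch vulnerable dependencies before release, give the plugin a threshold, for example `<configuration><failBuildOnCVSS>7</failBuildOnCVSS></configuration>` (7 is an illustrative value), and invoke the goal from a scheduled CI job or a dedicated profile. The same plugin and `<version>` are also declared in the hunk at line 907; if that declaration sits in `<pluginManagement>` (not visible here), the `<version>` in this hunk is redundant and can be dropped.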
