Repository: tez Updated Branches: refs/heads/branch-0.9 128cc4bb1 -> 4c732db03
TEZ-3975. Add OWASP Dependency Check to the build Signed-off-by: Jason Lowe <[email protected]> (cherry picked from commit 64c04f1121ef1d04118e36b0e4fc3808205a50a8) Project: http://git-wip-us.apache.org/repos/asf/tez/repo Commit: http://git-wip-us.apache.org/repos/asf/tez/commit/4c732db0 Tree: http://git-wip-us.apache.org/repos/asf/tez/tree/4c732db0 Diff: http://git-wip-us.apache.org/repos/asf/tez/diff/4c732db0 Branch: refs/heads/branch-0.9 Commit: 4c732db031d3bb476687565f52d9b20a49979116 Parents: 128cc4b Author: Jonathan Eagles <[email protected]> Authored: Wed Sep 26 13:48:48 2018 -0700 Committer: Jason Lowe <[email protected]> Committed: Wed Sep 26 13:54:26 2018 -0700 ---------------------------------------------------------------------- pom.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tez/blob/4c732db0/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 18b5a20..cba30f3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,7 @@
 <findbugs-maven-plugin.version>3.0.1</findbugs-maven-plugin.version>
 <javadoc-maven-plugin.version>2.10.4</javadoc-maven-plugin.version>
 <shade-maven-plugin.version>2.4.3</shade-maven-plugin.version>
+ <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
 </properties>
 <scm>
 <connection>${scm.url}</connection>
@@ -905,6 +906,11 @@
 </configuration>
 </plugin>
 <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
+ <plugin>
 <groupId>org.codehaus.mojo</groupId>
 <artifactId>findbugs-maven-plugin</artifactId>
 <version>${findbugs-maven-plugin.version}</version>
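Review bot: The pinned `1.3.6` in the new `dependency-check-maven.version` property looks considerably older than this commit; it appears to be a 2016 release, while the commit is dated September 2018. An older scanner misses later analyzer and matching fixes, so a clean report from it is weaker evidence than it seems. Confirm the pin is deliberate (for example for Java or Maven compatibility on branch-0.9) and record the reason next to the property, e.g. `<!-- pinned to 1.3.6 because REASON; revisit when the build baseline allows -->`.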
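Review bot: The plugin declaration added around line 906 has no `<configuration>`, so a scan only writes a report and can never fail the build: `failBuildOnCVSS` keeps its default, which is above any CVSS score. The enclosing element is outside the hunk, but if this is the `<pluginManagement>` entry it is the natural place to set a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>`. Pointing `suppressionFile` at a reviewed, version-controlled suppression list there would also keep accepted false positives documented instead of silently ignored.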
@@ -1064,6 +1070,17 @@
 <excludeFilterFile>${basedir}/findbugs-exclude.xml</excludeFilterFile>
 </configuration>
 </plugin>
+ <plugin>
+ <!-- OWASP's dependency-check plugin will scan the third party
+ dependencies of this project for known CVEs (security
+ vulnerabilities against them). It will produce a report
+ in target/dependency-check-report.html. To invoke, run
+ 'mvn dependency-check:aggregate'
+ -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
 </plugins>
 </build>
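Review bot: The plugin is added to `<plugins>` without an `<executions>` block, so a normal `mvn install` never runs it; the scan happens only when someone invokes `mvn dependency-check:aggregate` by hand, which the comment implies but does not state. The comment should say this outright and note that the run fetches vulnerability data over the network, e.g. `Not bound to any build phase; needs network access to download NVD data, so run it from a scheduled CI job.` Separately, the `<version>` here repeats the declaration added at line 906; if that one sits under `<pluginManagement>` (not visible in the hunk), the version can be dropped here so the pin lives in one place.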
