This is an automated email from the ASF dual-hosted git repository.
gk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/turbine-parent.git
The following commit(s) were added to refs/heads/master by this push:
new f74c7f3 moved owasp to profile
f74c7f3 is described below
commit f74c7f31a76592c35ea3f3a4614dfc9edbb1527d
Author: Georg Kallidis <[email protected]>
AuthorDate: Thu Nov 4 10:57:08 2021 +0100
moved owasp to profile
---
pom.xml | 80 ++++++++++++++++++++++++++++++++++++++---------------------------
1 file changed, 47 insertions(+), 33 deletions(-)
diff --git a/pom.xml b/pom.xml
index c615089..49e8f71 100644
--- a/pom.xml
+++ b/pom.xml
@@ -150,35 +150,11 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>${turbine.surefire.version}</version>
</plugin>
- <!-- run in profile or optionally, use not as reporting plugin, as
- it exposes file paths to artifacts and check each possible
vulnerability
- carefully, find more info about how to read, false positives et al.
here:
-
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
- or https://github.com/jeremylong/DependencyCheck CLI mvn phase
- $>mvn verify -Ddependency.check.skip=false
- or to invoke goal only:
- $>mvn org.owasp:dependency-check-maven:check
- -->
<plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>${turbine.dependency.check.version}</version>
- <!-- - find all configuration parameters here:
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/.
- - if process hangs up, check or remove all files including
odc.mv.db in maven
- repo in folder org\owasp\dependency-check-data\4.0\. - requires
mvn version
- > 3.3! For older version try to check v 3.2.1 or 3.1.2 -->
- <executions>
- <execution>
- <goals>
- <goal>check</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <skip>${dependency.check.skip}</skip>
- <!--autoUpdate>false</autoUpdate -->
- </configuration>
- </plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${turbine.dependency.check.version}</version>
+ </plugin>
<!-- jacoco is since java 8 enabled by default -->
<!-- jacoco agent may block gpg agent ? -->
<!-- Be aware, as we exclude tests itself, jacoco only starts, if
@@ -214,11 +190,6 @@
<plugins>
<!-- org.apache.maven.plugins, alpha order by artifact id -->
<plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>${turbine.dependency.check.version}</version>
- </plugin>
- <plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${turbine.jacoco.version}</version>
@@ -534,6 +505,49 @@
</plugins>
</build>
</profile>
+ <profile>
+ <!-- run in profile or optionally, use not as reporting plugin, as
+ it exposes file paths to artifacts and check each possible
vulnerability
+ carefully, find more info about how to read, false positives et al.
here:
+
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
+ or https://github.com/jeremylong/DependencyCheck CLI mvn phase
+ $>mvn verify -Ddependency.check.skip=false
+ or to invoke goal only:
+ $>mvn org.owasp:dependency-check-maven:check
+ -->
+ <id>owasp</id>
+ <activation>
+ <property>
+ <name>dependency.check.skip</name>
+ <value>!true</value>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <!-- - find all configuration parameters here:
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/.
+ - if process hangs up, check or remove all files including
odc.mv.db in maven
+ repo in folder org/owasp/dependency-check-data/4.0/, if
mvn version > 3.3.
+ For older version try to check v3.2.1 or 3.1.2 -->
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <skip>${dependency.check.skip}</skip>
+ <!--autoUpdate>false</autoUpdate -->
+ </configuration>
+ <dependencies>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
<!-- using profile to exclude if required, java 12 incompatible -->
<profile>
<id>cobertura</id>
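Review bot: The new `owasp` profile's activation on `dependency.check.skip` with `<value>!true</value>` also matches when the property is simply not passed on the command line. Maven's property activation looks at system/user properties rather than the POM's `<properties>`, so the profile is likely active on every build and the scan is really gated only by `<skip>${dependency.check.skip}</skip>`, whose default is not visible in this hunk. If the scan is meant to be opt-in, activating on an explicit value such as `<value>false</value>` would make the two switches agree and match the documented `mvn verify -Ddependency.check.skip=false`. The `check` execution also sets no `failBuildOnCVSS`, so findings are only reported and never fail the build; a threshold (for example `<failBuildOnCVSS>7</failBuildOnCVSS>`, value chosen here only as an illustration) would make the check enforceable in CI. The empty `<dependencies>` element can be dropped, and the plugin's omitted `<version>` presumably relies on the entry kept in the first hunk, which is worth confirming since the enclosing section is outside the hunk.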