HADOOP-13198. Add support for OWASP's dependency-check. Contributed by Mike Yoder.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/09b866fd Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/09b866fd Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/09b866fd Branch: refs/heads/HDFS-1312 Commit: 09b866fd45664ff977702b58b6338ce209729a97 Parents: edd716e Author: Andrew Wang <[email protected]> Authored: Tue May 24 18:29:45 2016 -0700 Committer: Andrew Wang <[email protected]> Committed: Tue May 24 18:29:45 2016 -0700 ---------------------------------------------------------------------- pom.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/09b866fd/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 9756133..d819caa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,6 +106,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
 <lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
 <maven-checkstyle-plugin.version>2.15</maven-checkstyle-plugin.version>
 <checkstyle.version>6.6</checkstyle.version>
+ <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
 <shell-executable>bash</shell-executable>
 </properties>
@@ -323,6 +324,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
 <outputFile>${project.build.directory}/test/checkstyle-errors.xml</outputFile>
 </configuration>
 </plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
 </plugins>
 </pluginManagement>
@@ -394,6 +400,17 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
 <artifactId>maven-checkstyle-plugin</artifactId>
 <version>${maven-checkstyle-plugin.version}</version>
 </plugin>
+ <plugin>
+ <!-- OWASP's dependency-check plugin will scan the third party
+ dependencies of this project for known CVEs (security
+ vulnerabilities against them). It will produce a report
+ in target/dependency-check-report.html. To invoke, run
+ 'mvn dependency-check:aggregate'
+ -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
 </plugins>
 </build>
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
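Review bot: The `dependency-check-maven` plugin added under `<build><plugins>` has no `<executions>` and no `<configuration>`, so the scan runs only when someone types `mvn dependency-check:aggregate`, and a newly introduced vulnerable dependency will never fail a build. If manual invocation is the intent for now, the comment should say so, for example by adding `Not bound to any lifecycle phase; run manually or from a scheduled CI job.` Otherwise, consider a `<configuration>` that sets `<failBuildOnCVSS>` to an agreed threshold and points `<suppressionFile>` at a checked-in file of triaged false positives, so that findings are enforced and the exceptions are reviewable. The comment could also note that the plugin fetches NVD vulnerability data on its first run, which presumably matters for offline or sandboxed build hosts.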
