Adding OWASP reporting into pom

Clebert Suconic 2016-09-09 05:13:33 -04:00 committed by Martyn Taylor
parent e81d101610
commit 1fac2df198
2 changed files with 58 additions and 0 deletions


@ -44,4 +44,10 @@ If you are trying to copy the examples somewhere else and modifying them. Consid
# if trying to modify the 'topic' example: # if trying to modify the 'topic' example:
cd examples/jms/topic && mvn dependency:list cd examples/jms/topic && mvn dependency:list
### Open Web Application Security Project (OWASP) Report
If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile
$ mvn -Powasp verify
The output will be under ./target/dependency-check-report.html **for each** sub-module.

52
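--- a/pom.xml
+++ b/pom.xml
@@ -86,6 +86,7 @@
 <qpid.jms.version>0.11.0</qpid.jms.version>
 <johnzon.version>0.9.5</johnzon.version>
 <json-p.spec.version>1.0-alpha-1</json-p.spec.version>
+<owasp.version>1.4.3</owasp.version>
 <activemq.version.versionName>${project.version}</activemq.version.versionName>
 <activemq.version.majorVersion>1</activemq.version.majorVersion>
@@ -138,6 +139,7 @@
 <activemq.basedir>${project.basedir}</activemq.basedir>
 <skipLicenseCheck>true</skipLicenseCheck>
 <skipStyleCheck>true</skipStyleCheck>
+<skipOWASP>true</skipOWASP>
 <geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>
 <javac-compiler-id>javac-with-errorprone</javac-compiler-id>
@@ -302,6 +304,19 @@
 </dependency>
 <!-- ### End Build Time Dependencies ### -->
+<dependency>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-core</artifactId>
+<version>${owasp.version}</version>
+<!-- License: Apache 2.0 -->
+</dependency>
+<dependency>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-utils</artifactId>
+<version>${owasp.version}</version>
+<!-- License: Apache 2.0 -->
+</dependency>
 <!-- ### Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES ###-->
 <dependency>
 <groupId>org.fusesource.hawtbuf</groupId>
@@ -608,6 +623,12 @@
 </plugins>
 </build>
 </profile>
+<profile>
+<id>owasp</id>
+<properties>
+<skipOWASP>false</skipOWASP>
+</properties>
+</profile>
 <profile>
 <id>dev</id>
 <modules>
@@ -1208,6 +1229,24 @@
 <version>3.0.0</version>
 <extensions>true</extensions>
 </plugin>
+<plugin>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-maven</artifactId>
+<version>${owasp.version}</version>
+<configuration>
+<skip>${skipOWASP}</skip>
+<!-- <skipProvidedScope>true</skipProvidedScope>
+<skipRuntimeScope>true</skipRuntimeScope> -->
+</configuration>
+<executions>
+<execution>
+<goals>
+<goal>check</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
 </plugins>
 </build>
@@ -1269,6 +1308,19 @@
 <artifactId>maven-surefire-report-plugin</artifactId>
 <version>2.14.1</version>
 </plugin>
+<plugin>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-maven</artifactId>
+<version>${owasp.version}</version>
+<reportSets>
+<reportSet>
+<reports>
+<report>aggregate</report>
+</reports>
+</reportSet>
+</reportSets>
+</plugin>
 </plugins>
 </reporting>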
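Review bot: The `dependency-check-maven` execution added under `<build>` configures only `<skip>${skipOWASP}</skip>`, so a `-Powasp` run produces the HTML report but, as far as I know with the plugin's default threshold, never fails the build on a vulnerable dependency. If the profile is meant to gate CI or releases, add a threshold next to `<skip>`, for example `<failBuildOnCVSS>7</failBuildOnCVSS>`; if it is advisory only, say so in a comment such as `<!-- report only: findings do not fail the build -->`. The commented-out `skipProvidedScope`/`skipRuntimeScope` lines in the same `<configuration>` should be removed or explained, because enabling `skipRuntimeScope` would drop the dependencies that actually ship from the scan. The `dependency-check-core` and `dependency-check-utils` entries added between the build-time and run-time dependency comments also look unnecessary, since the plugin resolves its own classpath; the enclosing element is outside the hunk, so confirm they do not end up on module classpaths.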