Adding OWASP reporting into pom
parent
e81d101610
commit
1fac2df198
|
@ -44,4 +44,10 @@ If you are trying to copy the examples somewhere else and modifying them. Consid
|
||||||
# if trying to modify the 'topic' example:
|
# if trying to modify the 'topic' example:
|
||||||
cd examples/jms/topic && mvn dependency:list
|
cd examples/jms/topic && mvn dependency:list
|
||||||
|
|
||||||
|
### Open Web Application Security Project (OWASP) Report
|
||||||
|
|
||||||
|
If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile
|
||||||
|
|
||||||
|
$ mvn -Powasp verify
|
||||||
|
|
||||||
|
The output will be under ./target/dependency-check-report.html **for each** sub-module.
|
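--- a/pom.xml
+++ b/pom.xml
@@ -86,6 +86,7 @@
 <qpid.jms.version>0.11.0</qpid.jms.version>
 <johnzon.version>0.9.5</johnzon.version>
 <json-p.spec.version>1.0-alpha-1</json-p.spec.version>
+<owasp.version>1.4.3</owasp.version>
 
 <activemq.version.versionName>${project.version}</activemq.version.versionName>
 <activemq.version.majorVersion>1</activemq.version.majorVersion>
@@ -138,6 +139,7 @@
 <activemq.basedir>${project.basedir}</activemq.basedir>
 <skipLicenseCheck>true</skipLicenseCheck>
 <skipStyleCheck>true</skipStyleCheck>
+<skipOWASP>true</skipOWASP>
 <geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>
 
 <javac-compiler-id>javac-with-errorprone</javac-compiler-id>
@@ -302,6 +304,19 @@
 </dependency>
 <!-- ### End Build Time Dependencies ### -->
 
+<dependency>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-core</artifactId>
+<version>${owasp.version}</version>
+<!-- License: Apache 2.0 -->
+</dependency>
+<dependency>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-utils</artifactId>
+<version>${owasp.version}</version>
+<!-- License: Apache 2.0 -->
+</dependency>
+
 <!-- ### Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES ###-->
 <dependency>
 <groupId>org.fusesource.hawtbuf</groupId>
@@ -608,6 +623,12 @@
 </plugins>
 </build>
 </profile>
+<profile>
+<id>owasp</id>
+<properties>
+<skipOWASP>false</skipOWASP>
+</properties>
+</profile>
 <profile>
 <id>dev</id>
 <modules>
@@ -1208,6 +1229,24 @@
 <version>3.0.0</version>
 <extensions>true</extensions>
 </plugin>
+<plugin>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-maven</artifactId>
+<version>${owasp.version}</version>
+<configuration>
+<skip>${skipOWASP}</skip>
+<!-- <skipProvidedScope>true</skipProvidedScope>
+<skipRuntimeScope>true</skipRuntimeScope> -->
+</configuration>
+<executions>
+<execution>
+<goals>
+<goal>check</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+
 </plugins>
 </build>
 
@@ -1269,6 +1308,19 @@
 <artifactId>maven-surefire-report-plugin</artifactId>
 <version>2.14.1</version>
 </plugin>
+<plugin>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-maven</artifactId>
+<version>${owasp.version}</version>
+<reportSets>
+<reportSet>
+<reports>
+<report>aggregate</report>
+</reports>
+</reportSet>
+</reportSets>
+</plugin>
+
 </plugins>
 </reporting>
 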
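Review bot: The `check` execution added under `<build><plugins>` configures only `<skip>${skipOWASP}</skip>`, so even with `-Powasp` the build passes whatever the scan finds, and a vulnerable dependency is noticed only if someone opens each module's HTML report. Adding a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (7 is only an example value) would let the profile act as a CI gate. The two `org.owasp` entries added between the build-time and run-time dependency comments look unnecessary, because the plugin resolves `dependency-check-core` and `dependency-check-utils` on its own. Their enclosing element is outside the hunk; if it is `<dependencies>` rather than `<dependencyManagement>`, the scanner and its transitive libraries would land on every module's classpath. The commented-out `skipProvidedScope`/`skipRuntimeScope` pair should be dropped or replaced by a one-line comment such as `<!-- provided and runtime scopes are scanned on purpose -->`.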