HADOOP-13198. Add support for OWASP's dependency-check. Contributed by Mike Yoder.

(cherry picked from commit 09b866fd45)
(cherry picked from commit 2ea17f4578)
Andrew Wang 2016-05-24 18:29:45 -07:00
parent 943cefc81e
commit 4b40d7d21f
1 changed files with 17 additions and 0 deletions

17
pom.xml

@ -105,6 +105,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<maven-bundle-plugin.version>2.5.0</maven-bundle-plugin.version>
<maven-checkstyle-plugin.version>2.15</maven-checkstyle-plugin.version>
<checkstyle.version>6.6</checkstyle.version>
<dependency-check-maven.version>1.3.6</dependency-check-maven.version>
<shell-executable>bash</shell-executable>
</properties>
@ -214,6 +215,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<outputFile>${project.build.directory}/test/checkstyle-errors.xml</outputFile>
</configuration>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${dependency-check-maven.version}</version>
</plugin>
</plugins>
</pluginManagement>
@ -285,6 +291,17 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven-checkstyle-plugin.version}</version>
</plugin>
<plugin>
<!-- OWASP's dependency-check plugin will scan the third party
dependencies of this project for known CVEs (security
vulnerabilities against them). It will produce a report
in target/dependency-check-report.html. To invoke, run
'mvn dependency-check:aggregate'
-->
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${dependency-check-maven.version}</version>
</plugin>
</plugins>
</build>
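Review bot: The `dependency-check-maven` entry added under `<build><plugins>` in the third hunk has no `<executions>` and no `<configuration>`, so the scan runs only when someone invokes `mvn dependency-check:aggregate` by hand, and with no threshold set I would expect it to write the HTML report without ever failing a build on a known-vulnerable dependency. If this is meant to act as a gate rather than an on-demand report, put a threshold on the `<pluginManagement>` entry from the second hunk, e.g. `<configuration><failBuildOnCVSS>7</failBuildOnCVSS></configuration>` (7 is only an example value), and keep triaged false positives in a checked-in file referenced through `<suppressionFile>` so results are reproducible across runs. If on-demand use is the intent, the XML comment should say so, for instance `This plugin is not bound to a lifecycle phase; it runs only when invoked explicitly.` The enclosing `<plugins>` element opens outside the hunk, so a profile elsewhere in the POM may already bind the goal.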