mirror of https://github.com/apache/lucene.git
47 lines
1.7 KiB
Groovy
47 lines
1.7 KiB
Groovy
/*
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
|
|
// This adds OWASP vulnerability validation of project dependencies
|
|
|
|
// If -Pvalidation.owasp=true is set the validation will also run as part of the check task.
|
|
|
|
def resources = scriptResources(buildscript)
|
|
|
|
configure(rootProject) {
|
|
dependencyCheck {
|
|
failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as Integer
|
|
formats = ['HTML', 'JSON']
|
|
skipProjects = []
|
|
skipConfigurations = ['unifiedClasspath']
|
|
suppressionFile = file("${resources}/exclusions.xml")
|
|
}
|
|
|
|
task owasp() {
|
|
group "Verification"
|
|
description "Check project dependencies against OWASP vulnerability database."
|
|
dependsOn dependencyCheckAggregate
|
|
}
|
|
|
|
// Unless explicitly enabled, do not attach owasp to check. It has a large download
|
|
// footprint and takes a significant amount of time. This should be enabled for
|
|
// nightly CI runs only, I think.
|
|
if (propertyOrDefault("validation.owasp", false).toBoolean()) {
|
|
check.dependsOn owasp
|
|
}
|
|
}
|