Posted to commits@shiro.apache.org by bd...@apache.org on 2016/10/21 14:26:36 UTC

[8/9] shiro git commit: SHIRO-576 Added OWASP dependency check plugin

SHIRO-576 Added OWASP dependency check plugin

NOTE: this plugin config will return false positives; its output will require human interpretation (and should NOT be used to fail builds)


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/84685c6d
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/84685c6d
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/84685c6d

Branch: refs/heads/1.4.x
Commit: 84685c6db20f5dbfc06c6d168a86877486b8b74b
Parents: 49c7193
Author: Brian Demers <bd...@apache.org>
Authored: Thu Oct 20 11:18:27 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Thu Oct 20 11:18:27 2016 -0400

----------------------------------------------------------------------
 pom.xml                   | 51 ++++++++++++++++++++++++++++++++++++++++++
 src/owasp-suppression.xml | 22 ++++++++++++++++++
 2 files changed, 73 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/84685c6d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index af1d102..cfc31ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -405,6 +405,11 @@
                         </requestLog>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>1.4.3</version>
+                </plugin>
             </plugins>
         </pluginManagement>
         <plugins>
@@ -1262,5 +1267,51 @@
                 </site>
             </distributionManagement>
         </profile>
+        <profile>
+            <!--  NOTE: this plugin config will return false positives, usage will require
+                  human interpretation (and should NOT be used to fail builds)
+            -->
+            <id>owasp</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <inherited>false</inherited>
+                        <configuration>
+                            <suppressionFile>${root.dir}/src/owasp-suppression.xml</suppressionFile>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>aggregate</goal>
+                                </goals>
+                                <inherited>false</inherited>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+            <reporting>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <inherited>false</inherited>
+                        <configuration>
+                            <suppressionFile>${root.dir}/src/owasp-suppression.xml</suppressionFile>
+                            <name>OWASP Dependency Check</name>
+                        </configuration>
+                        <reportSets>
+                            <reportSet>
+                                <reports>
+                                    <report>aggregate</report>
+                                </reports>
+                            </reportSet>
+                        </reportSets>
+                    </plugin>
+                </plugins>
+            </reporting>
+        </profile>
     </profiles>
 </project>
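Review bot: The `<suppressionFile>` setting and `<inherited>false</inherited>` are written twice in the `owasp` profile, once in the build plugin entry and once in the reporting entry, so the two copies can drift apart; the build-side copy could move into the managed entry added to `<pluginManagement>` earlier in this commit, which Maven applies to build plugins (whether the `<reporting>` section also picks up managed configuration I am not certain, so that copy may have to stay). The `<inherited>false</inherited>` inside the `<execution>` is redundant with the plugin-level one directly above it. The profile comment says findings need human review but not how the profile is meant to be used; I would extend it with `Activate with -Powasp; review the report manually and record confirmed false positives in src/owasp-suppression.xml (pinned by sha1) rather than failing the build.` `${root.dir}` is not defined in this hunk; presumably it is set to the repository root elsewhere in the pom.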

http://git-wip-us.apache.org/repos/asf/shiro/blob/84685c6d/src/owasp-suppression.xml
----------------------------------------------------------------------
diff --git a/src/owasp-suppression.xml b/src/owasp-suppression.xml
new file mode 100644
index 0000000..1fb0ec4
--- /dev/null
+++ b/src/owasp-suppression.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+
+    <suppress>
+        <notes><![CDATA[ file name: tomcat-embed-core-8.5.5.jar ]]></notes>
+        <sha1>d55e12a418ff99ecd723a118c2a28bb91079972d</sha1>
+        <cpe>cpe:/a:apache:tomcat:8.5.5</cpe>
+    </suppress>
+
+    <suppress>
+        <notes><![CDATA[ file name: tomcat-embed-websocket-8.5.5.jar ]]></notes>
+        <sha1>fd99cd1cd4c824abdf03466f0509f067747f0d1a</sha1>
+        <cpe>cpe:/a:apache:tomcat:8.5.5</cpe>
+    </suppress>
+
+    <suppress>
+        <notes><![CDATA[ file name: opensaml-1.1.jar ]]></notes>
+        <sha1>21ec22368b6baa211a29887e162aa4cf9a8f3c60</sha1>
+        <cpe>cpe:/a:internet2:opensaml:1.1</cpe>
+    </suppress>
+
+</suppressions>
\ No newline at end of file
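Review bot: Each `<notes>` entry records only the jar name, not which reported CVE was judged a false positive or why, so a later reviewer cannot tell whether a suppression is still justified. A `<cpe>` suppression hides every CVE matched to that CPE for the pinned jar, present and future; where the false positive is a specific CVE, the 1.1 suppression schema's `<cve>` element narrows it, and in either case the note should carry the rationale, e.g. `<notes><![CDATA[ file name: tomcat-embed-core-8.5.5.jar; not applicable: <CVE-ID placeholder>; reason: <why placeholder>; reviewed: <date placeholder> ]]></notes>`. The `<sha1>` pins are good practice since an upgraded jar will no longer match and its findings will resurface. The file also ends without a trailing newline.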