Posted to commits@nifi.apache.org by jo...@apache.org on 2021/04/13 03:47:34 UTC
[nifi] branch main updated: NIFI-5541 This closes #4971. Added
OWASP Maven build profile for dependency checking
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 06ebb76 NIFI-5541 This closes #4971. Added OWASP Maven build profile for dependency checking
06ebb76 is described below
commit 06ebb761a2306458799b7c15426eb95c169fb7bc
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Wed Mar 31 14:44:32 2021 -0500
NIFI-5541 This closes #4971. Added OWASP Maven build profile for dependency checking
Signed-off-by: Joe Witt <jo...@apache.org>
---
nifi-dependency-check-maven/suppressions.xml | 24 ++++++++++++++++++++++++
pom.xml | 28 ++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml
new file mode 100644
index 0000000..0dd3ca6
--- /dev/null
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+ <suppress>
+ <notes><![CDATA[
+ Suppress false positives for Apache NiFi packages
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.nifi/.*$</packageUrl>
+ <cpe regex="true">^cpe:.*$</cpe>
+ </suppress>
+</suppressions>
\ No newline at end of file
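Review bot: The single rule in this file suppresses every CPE (`^cpe:.*$`) for every `org.apache.nifi` artifact, which also hides any CVE published against Apache NiFi itself, so an older released NiFi artifact pulled in transitively would never show up in the report. That is a reasonable trade-off for the reactor's own modules, but the `<notes>` should state the rationale and its limit rather than just "false positives", e.g. `Suppress CPE matches for NiFi's own reactor artifacts: the scan targets NiFi itself, so NiFi CVEs are circular here. Revisit if an externally released org.apache.nifi version is ever consumed as a dependency.` If the reactor version is available to the suppression file, anchoring the packageUrl on it (`^pkg:maven/org\.apache\.nifi/.*@<version>$`) would keep such older artifacts visible, though I cannot confirm from this hunk whether the plugin substitutes Maven properties into suppression files.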
diff --git a/pom.xml b/pom.xml
index e908c51..3e24d94 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1004,5 +1004,33 @@
should be overridden on the command-line <hadoop.version>2.6.0-cdh5.8.1</hadoop.version> -->
</properties>
</profile>
+ <profile>
+ <!-- Run "mvn clean verify -P owasp" to generate dependency-check-report.html in the target directory -->
+ <!-- Report results require detailed analysis to determine whether the vulnerability impacts the application -->
+ <id>owasp</id>
+ <properties>
+ <skipTests>true</skipTests>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>6.1.5</version>
+ <executions>
+ <execution>
+ <inherited>false</inherited>
+ <goals>
+ <goal>aggregate</goal>
+ </goals>
+ <configuration>
+ <suppressionFiles>nifi-dependency-check-maven/suppressions.xml</suppressionFiles>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
</profiles>
</project>
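Review bot: The execution sets no `failBuildOnCVSS`, so the `owasp` profile is report-only and a finding surfaces only if someone opens `target/dependency-check-report.html`; the comment on the profile hints at this, but it should say so explicitly so nobody assumes `-P owasp` gates a release, e.g. `<!-- Report-only: the build does not fail on findings. Set failBuildOnCVSS to enforce a threshold in CI. -->`. Adding `<format>ALL</format>` to the configuration would also emit JSON/XML alongside the HTML so CI tooling can consume the results. The relative `suppressionFiles` path resolves from the root pom only because `inherited` is false and the goal is `aggregate`; `${maven.multiModuleProjectDirectory}/nifi-dependency-check-maven/suppressions.xml` would make that dependency explicit if the build's Maven version supports the property.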