Posted to commits@activemq.apache.org by ma...@apache.org on 2016/09/13 16:06:50 UTC
[2/2] activemq-artemis git commit: Adding OWASP reporting into pom
Adding OWASP reporting into pom
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/1fac2df1
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/1fac2df1
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/1fac2df1
Branch: refs/heads/master
Commit: 1fac2df1981748e8ad2b74fff56a5a8a5d39e371
Parents: e81d101
Author: Clebert Suconic <cl...@apache.org>
Authored: Fri Sep 9 05:13:33 2016 -0400
Committer: Martyn Taylor <mt...@redhat.com>
Committed: Tue Sep 13 17:06:25 2016 +0100
----------------------------------------------------------------------
README.md | 6 ++++++
pom.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/1fac2df1/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index b770fb5..a420cb7 100644
--- a/README.md
+++ b/README.md
@@ -44,4 +44,10 @@ If you are trying to copy the examples somewhere else and modifying them. Consid
# if trying to modify the 'topic' example:
cd examples/jms/topic && mvn dependency:list
+### Open Web Application Security Project (OWASP) Report
+If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile
+
+ $ mvn -Powasp verify
+
+The output will be under ./target/dependency-check-report.html **for each** sub-module.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/1fac2df1/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b6032ad..23177b2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,6 +86,7 @@
<qpid.jms.version>0.11.0</qpid.jms.version>
<johnzon.version>0.9.5</johnzon.version>
<json-p.spec.version>1.0-alpha-1</json-p.spec.version>
+ <owasp.version>1.4.3</owasp.version>
<activemq.version.versionName>${project.version}</activemq.version.versionName>
<activemq.version.majorVersion>1</activemq.version.majorVersion>
@@ -138,6 +139,7 @@
<activemq.basedir>${project.basedir}</activemq.basedir>
<skipLicenseCheck>true</skipLicenseCheck>
<skipStyleCheck>true</skipStyleCheck>
+ <skipOWASP>true</skipOWASP>
<geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>
<javac-compiler-id>javac-with-errorprone</javac-compiler-id>
@@ -302,6 +304,19 @@
</dependency>
<!-- ### End Build Time Dependencies ### -->
+ <dependency>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-core</artifactId>
+ <version>${owasp.version}</version>
+ <!-- License: Apache 2.0 -->
+ </dependency>
+ <dependency>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-utils</artifactId>
+ <version>${owasp.version}</version>
+ <!-- License: Apache 2.0 -->
+ </dependency>
+
<!-- ### Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES ###-->
<dependency>
<groupId>org.fusesource.hawtbuf</groupId>
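Review bot: The two `org.owasp` entries added after the `End Build Time Dependencies` marker look unnecessary for the scan, since `dependency-check-maven` resolves `dependency-check-core` and `dependency-check-utils` as its own plugin dependencies. The enclosing element starts outside the hunk; if it is `<dependencies>` rather than `<dependencyManagement>`, every module would inherit the scanner and its transitive libraries at the default compile scope, which widens the dependency set the report is meant to audit. I would drop both entries. If they are needed for version management, move them above the marker so they sit inside the build-time section instead of between it and the `Run Time Dependencies` block.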
@@ -609,6 +624,12 @@
</build>
</profile>
<profile>
+ <id>owasp</id>
+ <properties>
+ <skipOWASP>false</skipOWASP>
+ </properties>
+ </profile>
+ <profile>
<id>dev</id>
<modules>
<module>artemis-boot</module>
@@ -1208,6 +1229,24 @@
<version>3.0.0</version>
<extensions>true</extensions>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${owasp.version}</version>
+ <configuration>
+ <skip>${skipOWASP}</skip>
+ <!-- <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope> -->
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
</plugins>
</build>
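Review bot: The `check` execution sets no `failBuildOnCVSS`, and as far as I know the plugin's default threshold is above the CVSS maximum, so `mvn -Powasp verify` writes the report but never fails on a vulnerable dependency. If report-only is intended, say so beside `<skip>${skipOWASP}</skip>`, e.g. `<!-- report only: no failBuildOnCVSS set, findings do not break the build -->`; otherwise add a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (example value, to be chosen by the project). The commented-out `skipProvidedScope`/`skipRuntimeScope` pair should either be removed or get a line explaining why those scopes stay in the scan. The enclosing `<plugins>` block starts outside the hunk.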
@@ -1269,6 +1308,19 @@
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.14.1</version>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${owasp.version}</version>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+
</plugins>
</reporting>
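Review bot: The `aggregate` report in `<reporting>` carries no `<skip>${skipOWASP}</skip>`, so it is not visibly tied to the `owasp` profile the way the build-section plugin is. Unless the site build inherits that configuration, `mvn site` would run the scan, including its vulnerability-data download, for everyone. Adding `<configuration><skip>${skipOWASP}</skip></configuration>` here would keep both entry points behind the same switch. A comment should also state that this report is produced by the site build and not by `mvn -Powasp verify`, which the README describes as writing a per-module file.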