Posted to commits@activemq.apache.org by ma...@apache.org on 2016/09/13 16:06:50 UTC

[2/2] activemq-artemis git commit: Adding OWASP reporting into pom

Adding OWASP reporting into pom


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/1fac2df1
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/1fac2df1
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/1fac2df1

Branch: refs/heads/master
Commit: 1fac2df1981748e8ad2b74fff56a5a8a5d39e371
Parents: e81d101
Author: Clebert Suconic <cl...@apache.org>
Authored: Fri Sep 9 05:13:33 2016 -0400
Committer: Martyn Taylor <mt...@redhat.com>
Committed: Tue Sep 13 17:06:25 2016 +0100

----------------------------------------------------------------------
 README.md |  6 ++++++
 pom.xml   | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/1fac2df1/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index b770fb5..a420cb7 100644
--- a/README.md
+++ b/README.md
@@ -44,4 +44,10 @@ If you are trying to copy the examples somewhere else and modifying them. Consid
     # if trying to modify the 'topic' example:
     cd examples/jms/topic && mvn dependency:list
 
+### Open Web Application Security Project (OWASP) Report
 
+If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile
+
+    $ mvn -Powasp verify
+
+The output will be under ./target/dependency-check-report.html **for each** sub-module.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/1fac2df1/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b6032ad..23177b2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,6 +86,7 @@
       <qpid.jms.version>0.11.0</qpid.jms.version>
       <johnzon.version>0.9.5</johnzon.version>
       <json-p.spec.version>1.0-alpha-1</json-p.spec.version>
+      <owasp.version>1.4.3</owasp.version>
 
       <activemq.version.versionName>${project.version}</activemq.version.versionName>
       <activemq.version.majorVersion>1</activemq.version.majorVersion>
@@ -138,6 +139,7 @@
       <activemq.basedir>${project.basedir}</activemq.basedir>
       <skipLicenseCheck>true</skipLicenseCheck>
       <skipStyleCheck>true</skipStyleCheck>
+      <skipOWASP>true</skipOWASP>
       <geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>
 
       <javac-compiler-id>javac-with-errorprone</javac-compiler-id>
@@ -302,6 +304,19 @@
          </dependency>
          <!-- ### End Build Time Dependencies ### -->
 
+         <dependency>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-core</artifactId>
+            <version>${owasp.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
+         <dependency>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-utils</artifactId>
+            <version>${owasp.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
+
          <!-- ### Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES ###-->
          <dependency>
             <groupId>org.fusesource.hawtbuf</groupId>
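Review bot: The two `org.owasp` entries added here (`dependency-check-core` and `dependency-check-utils`) sit after the `End Build Time Dependencies` marker and before the `Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES` marker, so they belong to neither labelled group. The enclosing element opens outside the hunk; if it is `<dependencyManagement>`, these entries are probably unnecessary, because the `dependency-check-maven` plugin resolves its own dependencies. If they are kept, move them above the end marker and say why they are managed here, for example `<!-- build-time only: used by the owasp profile, never shipped -->`, so the scanner libraries are not mistaken for something that belongs in the distribution.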
@@ -609,6 +624,12 @@
          </build>
       </profile>
       <profile>
+         <id>owasp</id>
+         <properties>
+            <skipOWASP>false</skipOWASP>
+         </properties>
+      </profile>
+      <profile>
          <id>dev</id>
          <modules>
             <module>artemis-boot</module>
@@ -1208,6 +1229,24 @@
             <version>3.0.0</version>
             <extensions>true</extensions>
          </plugin>
+         <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${owasp.version}</version>
+            <configuration>
+                <skip>${skipOWASP}</skip>
+                <!-- <skipProvidedScope>true</skipProvidedScope>
+                <skipRuntimeScope>true</skipRuntimeScope> -->
+            </configuration>
+            <executions>
+               <execution>
+                  <goals>
+                     <goal>check</goal>
+                  </goals>
+               </execution>
+            </executions>
+         </plugin>
+
       </plugins>
    </build>
 
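Review bot: The `check` execution looks report-only as configured: the `<configuration>` sets no `failBuildOnCVSS`, and as far as I know the plugin's default threshold never fails the build, so `mvn -Powasp verify` would pass however severe the findings in the per-module HTML reports. Consider adding a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>`, or a comment stating that the profile is intentionally informational. The commented-out `skipProvidedScope`/`skipRuntimeScope` block should be removed or replaced by a comment such as `<!-- provided and runtime scopes are scanned on purpose -->`, so a later reader does not enable it and silently narrow the scan. The `<plugins>` element opens outside the hunk.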
@@ -1269,6 +1308,19 @@
             <artifactId>maven-surefire-report-plugin</artifactId>
             <version>2.14.1</version>
          </plugin>
+         <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${owasp.version}</version>
+            <reportSets>
+               <reportSet>
+                  <reports>
+                     <report>aggregate</report>
+                  </reports>
+               </reportSet>
+            </reportSets>
+         </plugin>
+
       </plugins>
    </reporting>