Posted to commits@plc4x.apache.org by cd...@apache.org on 2018/08/01 16:47:50 UTC

[incubator-plc4x] branch master updated: Added an enforcer rule, that fails the build if any dependencies (direct and transitive) are used for which known vulnerabilities exist.

This is an automated email from the ASF dual-hosted git repository.

cdutz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-plc4x.git


The following commit(s) were added to refs/heads/master by this push:
     new f567718  Added an enforcer rule, that fails the build if any dependencies (direct and transitive) are used for which known vulnerabilities exist.
f567718 is described below

commit f567718b9ac145222565b3b785aaa54f7399225e
Author: Christofer Dutz <ch...@c-ware.de>
AuthorDate: Wed Aug 1 18:47:47 2018 +0200

    Added an enforcer rule, that fails the build if any dependencies (direct and transitive) are used for which known vulnerabilities exist.
---
 pom.xml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ab4629a..d9ef98a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -236,7 +236,6 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-enforcer-plugin</artifactId>
         <version>3.0.0-M1</version> <!--$NO-MVN-MAN-VER$-->
-        <inherited>false</inherited>
         <executions>
           <execution>
             <id>enforce-maven</id>
@@ -252,7 +251,27 @@
               </rules>
             </configuration>
           </execution>
+          <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
+          <execution>
+            <id>vulnerability-checks</id>
+            <phase>validate</phase>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
+              </rules>
+            </configuration>
+          </execution>
         </executions>
+        <dependencies>
+          <dependency>
+            <groupId>org.sonatype.ossindex.maven</groupId>
+            <artifactId>ossindex-maven-enforcer-rules</artifactId>
+            <version>1.0.0</version>
+          </dependency>
+        </dependencies>
       </plugin>
 
       <!-- Plugin for analysing the project based on neo4j queries -->
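Review bot: The new `vulnerability-checks` execution ties every build to a live lookup against the OSS Index service with no escape hatch configured, so an offline or air-gapped build fails at `validate`, and a CVE newly published against any transitive dependency blocks every build until an upgrade exists, even when the finding does not apply to how this project uses the library. A reviewable suppression path is the practitioner's expectation here: an explicit exclusion list on the rule (the ossindex-maven-enforcer-rules 1.0.0 documentation should be checked for the exact property names — the Sonatype rule appears to support per-vulnerability and per-coordinate exclusions) plus a property-driven skip, so a release can be unblocked while the real fix is tracked, each exclusion carrying a comment with the vulnerability id and the reason it does not apply. Because the first hunk of this commit also drops `<inherited>false</inherited>`, this execution now runs in every child module and each module issues its own OSS Index queries, which is worth stating in the comment above the execution: `<!-- Queries OSS Index over the network on every build and is inherited by all modules; suppress non-applicable findings via the rule's exclusion list, never by disabling the rule. -->`. The enclosing `<plugin>` element starts before this hunk.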