Posted to commits@plc4x.apache.org by cd...@apache.org on 2018/08/01 16:47:50 UTC
[incubator-plc4x] branch master updated: Added an enforcer rule,
that fails the build if any dependencies (direct and transitive)
are used for which known vulnerabilities exist.
This is an automated email from the ASF dual-hosted git repository.
cdutz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-plc4x.git
The following commit(s) were added to refs/heads/master by this push:
new f567718 Added an enforcer rule, that fails the build if any dependencies (direct and transitive) are used for which known vulnerabilities exist.
f567718 is described below
commit f567718b9ac145222565b3b785aaa54f7399225e
Author: Christofer Dutz <ch...@c-ware.de>
AuthorDate: Wed Aug 1 18:47:47 2018 +0200
Added an enforcer rule, that fails the build if any dependencies (direct and transitive) are used for which known vulnerabilities exist.
---
pom.xml | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ab4629a..d9ef98a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -236,7 +236,6 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0-M1</version> <!--$NO-MVN-MAN-VER$-->
- <inherited>false</inherited>
<executions>
<execution>
<id>enforce-maven</id>
@@ -252,7 +251,27 @@
</rules>
</configuration>
</execution>
+ <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
+ <execution>
+ <id>vulnerability-checks</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
+ </rules>
+ </configuration>
+ </execution>
</executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.sonatype.ossindex.maven</groupId>
+ <artifactId>ossindex-maven-enforcer-rules</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ </dependencies>
</plugin>
<!-- Plugin for analysing the project based on neo4j queries -->
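Review bot: The new `vulnerability-checks` execution has no skip switch and no exclusion configuration, so once it runs at `validate` in every module (the first hunk drops `<inherited>false</inherited>`) an OSS Index outage, an offline `mvn -o` build, or a reported vulnerability with no fixed release available all fail the build with no sanctioned way to acknowledge the finding. Consider wiring the enforce mojo's `skip` parameter to a project property, e.g. `<skip>${vulnerability-checks.skip}</skip>` (property name constructed) inside the execution's `<configuration>`, so CI keeps the check mandatory while local builds can opt out explicitly. The comment above the execution should also say that the rule queries the remote OSS Index service with the project's dependency coordinates, and where an accepted finding is to be recorded (the rule's exclusion settings, if version 1.0.0 supports them) so that people do not simply disable the execution when it trips. A one-line comment on the new plugin-level `<dependencies>` block noting that it is resolved in each child module now that the plugin is inherited would make that side effect intentional rather than accidental.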