Posted to commits@tez.apache.org by jl...@apache.org on 2018/09/26 20:54:09 UTC
tez git commit: TEZ-3975. Add OWASP Dependency Check to the build
Repository: tez
Updated Branches:
refs/heads/master 22e2a2179 -> 64c04f112
TEZ-3975. Add OWASP Dependency Check to the build
Signed-off-by: Jason Lowe <jl...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/tez/repo
Commit: http://git-wip-us.apache.org/repos/asf/tez/commit/64c04f11
Tree: http://git-wip-us.apache.org/repos/asf/tez/tree/64c04f11
Diff: http://git-wip-us.apache.org/repos/asf/tez/diff/64c04f11
Branch: refs/heads/master
Commit: 64c04f1121ef1d04118e36b0e4fc3808205a50a8
Parents: 22e2a21
Author: Jonathan Eagles <je...@yahoo-inc.com>
Authored: Wed Sep 26 13:48:48 2018 -0700
Committer: Jason Lowe <jl...@apache.org>
Committed: Wed Sep 26 13:48:48 2018 -0700
----------------------------------------------------------------------
pom.xml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tez/blob/64c04f11/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 8add2e0..8bce5dd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@
<findbugs-maven-plugin.version>3.0.1</findbugs-maven-plugin.version>
<javadoc-maven-plugin.version>2.10.4</javadoc-maven-plugin.version>
<shade-maven-plugin.version>2.4.3</shade-maven-plugin.version>
+ <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
</properties>
<scm>
<connection>${scm.url}</connection>
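Review bot: The pin `<dependency-check-maven.version>1.3.6</dependency-check-maven.version>` looks old for a commit dated September 2018; as far as I recall the plugin was already several major versions further on by then, so this should be confirmed against the plugin's release history. The age matters for a vulnerability scanner because an outdated release may not handle the current NVD data feeds or may lack newer analyzers, which could leave the report quietly incomplete. I would pin the newest release that builds with this project's Maven and JDK baseline, and add a short comment next to the property saying why that version was chosen.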
@@ -906,6 +907,11 @@
</configuration>
</plugin>
<plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
+ <plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>${findbugs-maven-plugin.version}</version>
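Review bot: The plugin is declared here, and again in the `<plugins>` hunk further down, with coordinates only (no `<executions>` and no `<configuration>`), so the CVE scan runs only when someone invokes `mvn dependency-check:aggregate` by hand, and even then it cannot fail a build. If the intent is a gate rather than an on-demand report, add a threshold such as `<configuration><failBuildOnCVSS>7</failBuildOnCVSS></configuration>` and bind `aggregate` in a CI profile; 7 is an illustrative value, and the parameter should be confirmed against the pinned version. A `<suppressionFile>` entry would also give reviewed false positives a tracked home instead of leaving them as noise in the report. This declaration looks like the pluginManagement entry, but the enclosing element lies outside the hunk.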
@@ -1065,6 +1071,17 @@
<excludeFilterFile>${basedir}/findbugs-exclude.xml</excludeFilterFile>
</configuration>
</plugin>
+ <plugin>
+ <!-- OWASP's dependency-check plugin will scan the third party
+ dependencies of this project for known CVEs (security
+ vulnerabilities against them). It will produce a report
+ in target/dependency-check-report.html. To invoke, run
+ 'mvn dependency-check:aggregate'
+ -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ </plugin>
</plugins>
</build>