This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch branch-2.5
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.5 by this push:
new dae58de25c8 HBASE-29201 Add OWASP Dependency Check to check 3rd party
dependencies for known vulnerabilities (#6829)
dae58de25c8 is described below
commit dae58de25c804da801651c2528d8376c589062e6
Author: Istvan Toth <[email protected]>
AuthorDate: Thu Mar 20 18:26:03 2025 +0100
HBASE-29201 Add OWASP Dependency Check to check 3rd party dependencies for
known vulnerabilities (#6829)
Signed-off-by: Nihal Jain <[email protected]>
Signed-off-by: Duo Zhang <[email protected]>
(cherry picked from commit 7e4b7a035732fd315676ba0212d8459f02bd3743)
---
pom.xml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/pom.xml b/pom.xml
index 83f0a639030..8883b72d9e8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -640,6 +640,7 @@
<maven.javadoc.version>3.4.0</maven.javadoc.version>
<maven.warbucks.version>1.1.0</maven.warbucks.version>
<maven.project.info.report.version>3.1.2</maven.project.info.report.version>
+ <maven-owasp-plugin.version>12.1.0</maven-owasp-plugin.version>
<os.maven.version>1.5.0.Final</os.maven.version>
<findbugs-annotations.version>1.3.9-1</findbugs-annotations.version>
<spotbugs.version>4.7.3</spotbugs.version>
@@ -4959,6 +4960,36 @@
</plugins>
</build>
</profile>
+ <profile>
+ <id>owasp-dependency-check</id>
+ <activation>
+ <jdk>[11,)</jdk>
+ <property>
+ <name>owasp-check</name>
+ </property>
+ </activation>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ </plugins>
+ </reporting>
+ </profile>
<profile>
<!-- Used by the website generation script on jenkins to
do a local install of the jars we need to run a normal
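Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the new profile's plugin configuration excludes runtime-scoped dependencies from the scan, yet those are exactly the jars that get packaged and loaded with the shipped assembly, so a vulnerable runtime-only artifact would never show up in the report; skipping provided scope is defensible when the container supplies the jar, but runtime should be scanned — change the line to `<skipRuntimeScope>false</skipRuntimeScope>` or drop it. The plugin is bound only under `<reporting>` with the `aggregate` report and sets no `failBuildOnCVSS`, so this generates a site report and cannot fail a build on findings; a comment on the profile would keep the next reader from assuming it gates anything, e.g. `<!-- Report-only: produces the aggregate OWASP dependency-check report; does not fail the build on findings -->`. If the intent is a CI gate, an additional `<build>` execution with `failBuildOnCVSS` (and a suppression file for accepted findings) would be needed, though how the `owasp-check` property is used in CI is not visible from this hunk. The profile is complete within the hunk.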