This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/master by this push:
new 2f392b8399 PHOENIX-7550 Update OWASP plugin to 12.1.0 (#2091)
2f392b8399 is described below
commit 2f392b8399d4541a76dbe35bb94facb7b48643e4
Author: Istvan Toth <[email protected]>
AuthorDate: Sun Mar 16 09:26:56 2025 +0100
PHOENIX-7550 Update OWASP plugin to 12.1.0 (#2091)
---
BUILDING.md | 6 ++++++
pom.xml | 47 +++++++++++++++++++++++++++++------------------
2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/BUILDING.md b/BUILDING.md
index d32692fe5b..ed148c5887 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -127,6 +127,12 @@ To run all available reports (takes a few hours)
To run OWASP, RAT and Spotbugs, but not Jacoco (takes ~10 minutes)
`$ mvn clean compile test-compile site -Dspotbugs.site`
+It is recommended to request an NVD API
[key](https://nvd.nist.gov/developers/request-an-api-key) to
+increase the download speed of CVE data. To use the key append
`-DnvdApiKey=<key>` to the maven
+command line.
+
+Note that the dependency check report generation is only enabled when run on
Java 11 and later.
+
The reports are accessible via `target/site/index.html`, under the main
project,
as well as each of the subprojects. (not every project has all reports)
diff --git a/pom.xml b/pom.xml
index e79d0baaf3..c48697b203 100644
--- a/pom.xml
+++ b/pom.xml
@@ -153,7 +153,7 @@
<jacoco-maven-plugin.version>0.8.11</jacoco-maven-plugin.version>
<sonar-maven-plugin.version>3.10.0.2594</sonar-maven-plugin.version>
<findbugs-annotations.version>1.3.9-1</findbugs-annotations.version>
- <maven-owasp-plugin.version>10.0.2</maven-owasp-plugin.version>
+ <maven-owasp-plugin.version>12.1.0</maven-owasp-plugin.version>
<os.maven.version>1.7.1</os.maven.version>
<jasmine-maven-plugin.version>2.2</jasmine-maven-plugin.version>
<lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
@@ -161,6 +161,8 @@
<exec-maven-plugin.version>3.1.1</exec-maven-plugin.version>
<maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>
<maven-shade-plugin.version>3.6.0</maven-shade-plugin.version>
+ <!-- This overrides the property in the ASF parent project-->
+ <version.maven-site-plugin>3.21.0</version.maven-site-plugin>
<mvel2.version>2.5.2.Final</mvel2.version>
<!-- Plugin options -->
@@ -2291,6 +2293,32 @@
@{jacocoArgLine}</argLine>
</properties>
</profile>
+ <profile>
+ <activation>
+ <jdk>[11,)</jdk>
+ </activation>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ </plugins>
+ </reporting>
+ </profile>
</profiles>
<reporting>
<plugins>
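Review bot: The new `<profile>` has no `<id>` and no comment explaining the `[11,)` activation, so on a Java 8 site build the dependency-check report is dropped silently and nothing in the POM says why. Give the profile a name such as `<id>owasp-dependency-check</id>` (a suggested name, not one from the project) so it shows up clearly in `mvn help:active-profiles` and can be toggled with `-P`. Above `<activation>`, add a comment like `<!-- dependency-check report is generated only on JDK 11+; on older JDKs the site contains no CVE report -->`. The configuration also keeps `<skipRuntimeScope>true</skipRuntimeScope>` from the old block, so runtime-scoped dependencies are left out of the scan; a short comment stating that this is intended would help people reading the report. Since BUILDING.md tells users to pass `-DnvdApiKey=<key>` on the command line, consider setting the plugin's `nvdApiServerId` here so the key can be kept in `settings.xml` instead of shell history and process listings.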
@@ -2298,23 +2326,6 @@
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
</plugin>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>${maven-owasp-plugin.version}</version>
- <configuration>
- <skipProvidedScope>true</skipProvidedScope>
- <skipRuntimeScope>true</skipRuntimeScope>
- <skipSystemScope>true</skipSystemScope>
- </configuration>
- <reportSets>
- <reportSet>
- <reports>
- <report>aggregate</report>
- </reports>
- </reportSet>
- </reportSets>
- </plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>