This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch 5.1
in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/5.1 by this push:
new 0a4eccf59c PHOENIX-7550 Update OWASP plugin to 12.1.0 (#2091)
0a4eccf59c is described below
commit 0a4eccf59c0994433217c29fcbf8730ffe66514f
Author: Istvan Toth <[email protected]>
AuthorDate: Sun Mar 16 09:26:56 2025 +0100
PHOENIX-7550 Update OWASP plugin to 12.1.0 (#2091)
---
BUILDING.md | 6 ++++++
pom.xml | 47 +++++++++++++++++++++++++++++------------------
2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/BUILDING.md b/BUILDING.md
index ada09a9825..866a0c1011 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -127,6 +127,12 @@ To run all available reports (takes a few hours)
To run OWASP, RAT and Spotbugs, but not Jacoco (takes ~10 minutes)
`$ mvn clean compile test-compile site -Dspotbugs.site`
+It is recommended to request an NVD API
[key](https://nvd.nist.gov/developers/request-an-api-key) to
+increase the download speed of CVE data. To use the key append
`-DnvdApiKey=<key>` to the maven
+command line.
+
+Note that the dependency check report generation is only enabled when run on
Java 11 and later.
+
The reports are accessible via `target/site/index.html`, under the main
project,
as well as each of the subprojects. (not every project has all reports)
diff --git a/pom.xml b/pom.xml
index 2263dbd138..42096b5895 100644
--- a/pom.xml
+++ b/pom.xml
@@ -156,7 +156,7 @@
<jacoco-maven-plugin.version>0.8.11</jacoco-maven-plugin.version>
<sonar-maven-plugin.version>3.10.0.2594</sonar-maven-plugin.version>
<findbugs-annotations.version>1.3.9-1</findbugs-annotations.version>
- <maven-owasp-plugin.version>10.0.2</maven-owasp-plugin.version>
+ <maven-owasp-plugin.version>12.1.0</maven-owasp-plugin.version>
<os.maven.version>1.7.1</os.maven.version>
<jasmine-maven-plugin.version>2.2</jasmine-maven-plugin.version>
<lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
@@ -164,6 +164,8 @@
<exec-maven-plugin.version>3.1.1</exec-maven-plugin.version>
<maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>
<maven-shade-plugin.version>3.6.0</maven-shade-plugin.version>
+ <!-- This overrides the property in the ASF parent project-->
+ <version.maven-site-plugin>3.21.0</version.maven-site-plugin>
<!-- Plugin options -->
<skipParallelStatsEnabledTests>false</skipParallelStatsEnabledTests>
@@ -2037,6 +2039,32 @@
@{jacocoArgLine}</argLine>
</properties>
</profile>
+ <profile>
+ <activation>
+ <jdk>[11,)</jdk>
+ </activation>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ </plugins>
+ </reporting>
+ </profile>
</profiles>
<reporting>
<plugins>
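Review bot: The new `<profile>` that wraps the dependency-check reporting has no `<id>`, so it falls back to Maven's default profile id (`default`), cannot be switched off from the command line with `-P!<id>`, and will clash with any other id-less profile in this POM; add `<id>owasp-dependency-check</id>` as the first child of `<profile>`. The profile also carries no comment saying why it is JDK-gated; I infer from the version bump and the BUILDING.md text that dependency-check 12.x no longer runs on Java 8, so something like `<!-- dependency-check-maven 12.x needs Java 11+; the report is silently skipped on older JDKs (see BUILDING.md) -->` above `<activation>` would save the next reader that search, but confirm the reason before committing to it. The `skipRuntimeScope`/`skipProvidedScope`/`skipSystemScope` settings are carried over unchanged, which means runtime-scoped dependencies stay outside the scan; that predates this change, but a one-line comment on the `<configuration>` stating that the aggregate report covers compile-scope dependencies only would stop readers from assuming full coverage.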
@@ -2044,23 +2072,6 @@
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
</plugin>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>${maven-owasp-plugin.version}</version>
- <configuration>
- <skipProvidedScope>true</skipProvidedScope>
- <skipRuntimeScope>true</skipRuntimeScope>
- <skipSystemScope>true</skipSystemScope>
- </configuration>
- <reportSets>
- <reportSet>
- <reports>
- <report>aggregate</report>
- </reports>
- </reportSet>
- </reportSets>
- </plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>