This is an automated email from the ASF dual-hosted git repository. rzo1 pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 3534a77ae21bd2db5c52a065dcf95d708784d3c1 Author: Richard Zowalla <r...@apache.org> AuthorDate: Tue Apr 30 10:15:26 2024 +0200 Remove OWASP plugin which requires an account to download latest cve databases / limits access --- owasp-dc-suppression.xml | 97 ---------------------------------------------- pipelines/main-owasp-check | 69 --------------------------------- pom.xml | 55 -------------------------- 3 files changed, 221 deletions(-) diff --git a/owasp-dc-suppression.xml b/owasp-dc-suppression.xml deleted file mode 100644 index 7631d746f3..0000000000 --- a/owasp-dc-suppression.xml +++ /dev/null 
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
- <suppress>
- <notes><![CDATA[
- file name: self dependencies...
- ]]></notes>
- <gav regex="true">^org\.apache\.tomee:.*$</gav>
- <cve>CVE-2018-8031</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: self dependencies...
- ]]></notes>
- <gav regex="true">^org\.apache\.tomee:.*$</gav>
- <cve>CVE-2010-1151</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: false positive apache http server
- ]]></notes>
- <gav regex="true">^org\.apache\.tomee:.*$</gav>
- <cpe>cpe:/a:apache:apache_http_server</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: false positive apache http server
- ]]></notes>
- <gav regex="true">^org\.apache\.tomee:.*$</gav>
- <cpe>cpe:/a:apache:http_server</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: ziplock-*.jar
- ]]></notes>
- <gav regex="true">^org\.apache\.tomee:ziplock:.*$</gav>
- <cpe>cpe:/a:zip_project:zip</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: eclipselink-*jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:eclipselink:.*$</gav>
- <cpe>cpe:/a:git:git</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: eclipselink-*.jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:eclipselink:.*$</gav>
- <cpe>cpe:/a:git_project:git</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: jakarta.persistence-*.jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:javax\.persistence:.*$</gav>
- <cpe>cpe:/a:git_project:git</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: jakarta.persistence-*.jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:javax\.persistence:.*$</gav>
- <cpe>cpe:/a:git:git</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: commonj.sdo-*.jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:commonj\.sdo:.*$</gav>
- <cpe>cpe:/a:git:git</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: commonj.sdo-*.jar
- ]]></notes>
- <gav regex="true">^org\.eclipse\.persistence:commonj\.sdo:.*$</gav>
- <cpe>cpe:/a:git_project:git</cpe>
- </suppress>
-</suppressions>
diff --git a/pipelines/main-owasp-check b/pipelines/main-owasp-check
deleted file mode 100644
index 074051dd23..0000000000
--- a/pipelines/main-owasp-check
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
-*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements. See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership. The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*
-*/
-
-pipeline {
- agent {
- label "c6i2xlarge"
- }
-
- stages {
- stage('checkout') {
- steps {
- checkout scmGit(branches: [[name: '*/main']], browser: github('https://github.com/apache/tomee'), extensions: [cleanBeforeCheckout()], userRemoteConfigs: [[url: 'https://github.com/apache/tomee']])
- }
- }
- stage('Build without tests') {
- tools {
- maven 'maven_3_latest'
- jdk 'jdk_11_latest'
- }
- steps {
- timeout(time: 180, unit: 'MINUTES') {
- sh 'mvn -U --show-version clean install -DskipTests'
- }
- }
- }
- stage('Test') {
- tools {
- maven 'maven_3_latest'
- jdk 'jdk_11_latest'
- }
- steps {
- timeout(time: 180, unit: 'MINUTES') {
- sh 'mvn -U --show-version --fail-at-end clean install -Pno-examples,owasp-report -DskipTests -Dfile.encoding=UTF-8'
- }
- }
- post {
- always {
- timeout(time: 15, unit: 'MINUTES') {
- junit '**/target/surefire-reports/TEST-*.xml'
- }
- }
- }
- }
- }
- post{
- changed{
- emailext to: "commits@tomee.apache.org",
- subject: "Jenkins build:${currentBuild.currentResult}: ${env.JOB_NAME}",
- body: "${currentBuild.currentResult}: Job ${env.JOB_NAME}\nMore Info can be found here: ${env.BUILD_URL}"
- }
- }
-}
diff --git a/pom.xml b/pom.xml
index 898d842250..22c8364231 100644
--- a/pom.xml
+++ b/pom.xml
@@ -407,14 +407,6 @@
 <artifactId>maven-compiler-plugin</artifactId>
 <version>3.6.2</version>
 </plugin>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>6.5.3</version>
- <configuration>
- <suppressionFile>owasp-dc-suppression.xml</suppressionFile>
- </configuration>
- </plugin>
 <plugin>
 <groupId>org.jacoco</groupId>
 <artifactId>jacoco-maven-plugin</artifactId>
@@ -795,52 +787,6 @@
 </repository>
 </repositories>
 </profile>
-
- <profile>
- <id>owasp-report</id>
- <build>
- <plugins>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <configuration>
- <skipProvidedScope>true</skipProvidedScope>
- <skipRuntimeScope>true</skipRuntimeScope>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>aggregate</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- <profile>
- <id>owasp-check</id>
- <build>
- <plugins>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <configuration>
- <skipProvidedScope>true</skipProvidedScope>
- <skipRuntimeScope>true</skipRuntimeScope>
- <failBuildOnCVSS>8.0</failBuildOnCVSS>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>check</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
 <profile>
 <id>rat</id>
 <build>
@@ -880,7 +826,6 @@
 <exclude>**/META-INF/services/**</exclude>
 <exclude>**/META-INF/org.apache.openejb**</exclude>
 <exclude>**/META-INF/org.apache.openejb**/**</exclude>
- <exclude>**/src/**/*login.config</exclude>
 <exclude>**/src/main/resources/DATA-README.txt</exclude>
 <exclude>**/src/test/resources/test.getresources</exclude>
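Review bot: With the `owasp-check` profile gone in the second pom.xml hunk, nothing visible in this build fails on a vulnerable dependency any more: the `<failBuildOnCVSS>8.0</failBuildOnCVSS>` gate, the `owasp-report` aggregate run and the Jenkins job that invoked it are all dropped without a replacement. The commit message gives restricted access to the CVE data as the reason, so an alternative worth weighing is to keep the profile and move off the pinned 6.5.3 (first hunk) to a plugin release that accepts an `nvdApiKey` setting, with the key supplied from CI credentials rather than the pom. If the removal stands, leave a marker where the profiles were, e.g. `<!-- dependency-check removed: CVE data download needs an account; no CVE gate runs in this build -->`, so the gap stays visible to maintainers. The last hunk also drops the RAT exclude `**/src/**/*login.config`, which looks unrelated to the stated purpose; that hunk continues past the visible text.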