This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 3534a77ae21bd2db5c52a065dcf95d708784d3c1
Author: Richard Zowalla <r...@apache.org>
AuthorDate: Tue Apr 30 10:15:26 2024 +0200

    Remove OWASP plugin which requires an account to download latest cve 
databases / limits access
---
 owasp-dc-suppression.xml   | 97 ----------------------------------------------
 pipelines/main-owasp-check | 69 ---------------------------------
 pom.xml                    | 55 --------------------------
 3 files changed, 221 deletions(-)

diff --git a/owasp-dc-suppression.xml b/owasp-dc-suppression.xml
deleted file mode 100644
index 7631d746f3..0000000000
--- a/owasp-dc-suppression.xml
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-
-<suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd";>
-    <suppress>
-        <notes><![CDATA[
-   file name: self dependencies...
-   ]]></notes>
-        <gav regex="true">^org\.apache\.tomee:.*$</gav>
-        <cve>CVE-2018-8031</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: self dependencies...
-   ]]></notes>
-        <gav regex="true">^org\.apache\.tomee:.*$</gav>
-        <cve>CVE-2010-1151</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: false positive apache http server
-   ]]></notes>
-        <gav regex="true">^org\.apache\.tomee:.*$</gav>
-        <cpe>cpe:/a:apache:apache_http_server</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: false positive apache http server
-   ]]></notes>
-        <gav regex="true">^org\.apache\.tomee:.*$</gav>
-        <cpe>cpe:/a:apache:http_server</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: ziplock-*.jar
-   ]]></notes>
-        <gav regex="true">^org\.apache\.tomee:ziplock:.*$</gav>
-        <cpe>cpe:/a:zip_project:zip</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: eclipselink-*jar
-   ]]></notes>
-        <gav regex="true">^org\.eclipse\.persistence:eclipselink:.*$</gav>
-        <cpe>cpe:/a:git:git</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: eclipselink-*.jar
-   ]]></notes>
-        <gav regex="true">^org\.eclipse\.persistence:eclipselink:.*$</gav>
-        <cpe>cpe:/a:git_project:git</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: jakarta.persistence-*.jar
-   ]]></notes>
-        <gav 
regex="true">^org\.eclipse\.persistence:javax\.persistence:.*$</gav>
-        <cpe>cpe:/a:git_project:git</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: jakarta.persistence-*.jar
-   ]]></notes>
-        <gav 
regex="true">^org\.eclipse\.persistence:javax\.persistence:.*$</gav>
-        <cpe>cpe:/a:git:git</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: commonj.sdo-*.jar
-   ]]></notes>
-        <gav regex="true">^org\.eclipse\.persistence:commonj\.sdo:.*$</gav>
-        <cpe>cpe:/a:git:git</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: commonj.sdo-*.jar
-   ]]></notes>
-        <gav regex="true">^org\.eclipse\.persistence:commonj\.sdo:.*$</gav>
-        <cpe>cpe:/a:git_project:git</cpe>
-    </suppress>
-</suppressions>
diff --git a/pipelines/main-owasp-check b/pipelines/main-owasp-check
deleted file mode 100644
index 074051dd23..0000000000
--- a/pipelines/main-owasp-check
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
-*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements.  See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership.  The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License.  You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*
-*/
-
-pipeline {
-        agent  {
-            label "c6i2xlarge"
-           }
-
-    stages {
-        stage('checkout') {
-            steps {
-              checkout scmGit(branches: [[name: '*/main']], browser: 
github('https://github.com/apache/tomee'), extensions: [cleanBeforeCheckout()], 
userRemoteConfigs: [[url: 'https://github.com/apache/tomee']])
-            }
-        }
-        stage('Build without tests') {
-            tools {
-                 maven 'maven_3_latest'
-                  jdk 'jdk_11_latest'
-            }
-            steps {
-                timeout(time: 180, unit: 'MINUTES') {
-                    sh 'mvn -U --show-version clean install -DskipTests'
-                }
-            }
-        }
-        stage('Test') {
-            tools {
-                 maven 'maven_3_latest'
-                  jdk 'jdk_11_latest'
-            }
-            steps {
-                timeout(time: 180, unit: 'MINUTES') {
-                    sh 'mvn -U --show-version --fail-at-end clean install 
-Pno-examples,owasp-report -DskipTests -Dfile.encoding=UTF-8'
-                }
-            }
-            post {
-                    always {
-                            timeout(time: 15, unit: 'MINUTES') {
-                            junit '**/target/surefire-reports/TEST-*.xml'
-                        }
-                    }
-                }
-        }
-    }
-    post{
-        changed{
-            emailext to: "commits@tomee.apache.org",
-            subject: "Jenkins build:${currentBuild.currentResult}: 
${env.JOB_NAME}",
-            body: "${currentBuild.currentResult}: Job ${env.JOB_NAME}\nMore 
Info can be found here: ${env.BUILD_URL}"
-        }
-    }
-}
diff --git a/pom.xml b/pom.xml
index 898d842250..22c8364231 100644
--- a/pom.xml
+++ b/pom.xml
@@ -407,14 +407,6 @@
           <artifactId>maven-compiler-plugin</artifactId>
           <version>3.6.2</version>
         </plugin>
-        <plugin>
-          <groupId>org.owasp</groupId>
-          <artifactId>dependency-check-maven</artifactId>
-          <version>6.5.3</version>
-          <configuration>
-            <suppressionFile>owasp-dc-suppression.xml</suppressionFile>
-          </configuration>
-        </plugin>
         <plugin>
           <groupId>org.jacoco</groupId>
           <artifactId>jacoco-maven-plugin</artifactId>
@@ -795,52 +787,6 @@
         </repository>
       </repositories>
     </profile>
-
-    <profile>
-      <id>owasp-report</id>
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-maven</artifactId>
-            <configuration>
-              <skipProvidedScope>true</skipProvidedScope>
-              <skipRuntimeScope>true</skipRuntimeScope>
-            </configuration>
-            <executions>
-              <execution>
-                <goals>
-                  <goal>aggregate</goal>
-                </goals>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
-    <profile>
-      <id>owasp-check</id>
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-maven</artifactId>
-            <configuration>
-              <skipProvidedScope>true</skipProvidedScope>
-              <skipRuntimeScope>true</skipRuntimeScope>
-              <failBuildOnCVSS>8.0</failBuildOnCVSS>
-            </configuration>
-            <executions>
-              <execution>
-                <goals>
-                  <goal>check</goal>
-                </goals>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
     <profile>
       <id>rat</id>
       <build>
@@ -880,7 +826,6 @@
                 <exclude>**/META-INF/services/**</exclude>
                 <exclude>**/META-INF/org.apache.openejb**</exclude>
                 <exclude>**/META-INF/org.apache.openejb**/**</exclude>
-
                 <exclude>**/src/**/*login.config</exclude>
                 <exclude>**/src/main/resources/DATA-README.txt</exclude>
                 <exclude>**/src/test/resources/test.getresources</exclude>
