This is an automated email from the ASF dual-hosted git repository. andor pushed a commit to branch branch-3.4 in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.4 by this push: new 4d44517 ZOOKEEPER-3256: Enable OWASP checks to Maven build 4d44517 is described below commit 4d4451755f3e15ad547366d76fac47bd7ab841c4 Author: Enrico Olivelli <eolive...@apache.org> AuthorDate: Thu Jan 31 10:41:29 2019 +0100 ZOOKEEPER-3256: Enable OWASP checks to Maven build Author: Enrico Olivelli <eolive...@apache.org> Reviewers: an...@apache.org Closes #791 from eolivelli/fix/owasp-34 --- build.xml | 4 ++-- pom.xml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/build.xml b/build.xml index 57de37a..d89ab92 100644 --- a/build.xml +++ b/build.xml @@ -56,7 +56,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle"> <property name="apache-rat-tasks.version" value="0.6"/> <property name="commons-lang.version" value="2.4"/> - <property name="dependency-check-ant.version" value="3.2.1"/> + <property name="dependency-check-ant.version" value="4.0.2"/> <property name="hamcrest.version" value="1.3"/> @@ -1757,7 +1757,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle"> <target name="owasp" depends="owasp-taskdef,ivy-retrieve" description="OWASP dependency check"> <property name="owasp.out.dir" value="${test.java.build.dir}/owasp" /> - + <owasp:dependency-check-update xmlns:owasp="antlib:org.owasp.dependencycheck.anttasks" /> <owasp:dependency-check xmlns:owasp="antlib:org.owasp.dependencycheck.anttasks" projectname="ZooKeeper" reportoutputdirectory="${owasp.out.dir}" diff --git a/pom.xml b/pom.xml index 9738eb1..4518c0b 100755 --- a/pom.xml +++ b/pom.xml @@ -726,6 +726,11 @@ <excludeFilterFile>excludeFindBugsFilter.xml</excludeFilterFile> </configuration> </plugin> + <plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <version>4.0.2</version> + </plugin> </plugins> </pluginManagement> 
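Review bot: In the second build.xml hunk, the `owasp:dependency-check-update` element added to the `owasp` target has no comment explaining why a separate update step is needed before `owasp:dependency-check`. A short comment above it would help, e.g. `<!-- Refresh the local vulnerability data before scanning; needs network access. -->`. It is also worth stating, or testing, whether a failed update aborts the target or lets the scan continue on stale data, since that decides how far a green run can be trusted. The `owasp:dependency-check` element continues past the end of the hunk, so any update-related attributes it already sets are not visible here.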
@@ -757,6 +762,17 @@ <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> </plugin> + <plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <configuration> + <format>ALL</format> + <failBuildOnCVSS>0</failBuildOnCVSS> + <suppressionFiles> + <suppressionsFile>owaspSuppressions.xml</suppressionsFile> + </suppressionFiles> + </configuration> + </plugin> </plugins> </build>
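Review bot: The `dependency-check-maven` entry added under `<build><plugins>` has a `<configuration>` but no `<executions>`, so as far as this hunk shows nothing binds the `check` goal to a lifecycle phase. The `<failBuildOnCVSS>0</failBuildOnCVSS>` gate would then apply only when the goal is invoked explicitly, for example `mvn org.owasp:dependency-check-maven:check`. If an ordinary `mvn verify` is meant to be gated, declare an execution as sketched below. If the scan is meant to stay a separate, network-dependent step, a comment such as `<!-- not bound to a phase; run the check goal explicitly -->` above the plugin would record that. Separately, `owaspSuppressions.xml` is a relative path and is not in this commit's diffstat, so it is presumably an existing file; confirm it resolves from every module that inherits this POM.

```xml
  <artifactId>dependency-check-maven</artifactId>
  <!-- … unchanged: <configuration> (format, failBuildOnCVSS, suppressionFiles) … -->
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
```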