From lukaszlen...@apache.org
Subject [struts-examples] branch master updated: Adds Maven Dependency Check plugin with proper configuration
Date Wed, 13 Nov 2019 06:56:46 GMT
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


The following commit(s) were added to refs/heads/master by this push:
     new 428813f  Adds Maven Dependency Check plugin with proper configuration
428813f is described below

commit 428813f4ff72439a2b587159ac86b7d046da41a6
Author: Lukasz Lenart <lukaszlenart@apache.org>
AuthorDate: Wed Nov 13 07:56:38 2019 +0100

    Adds Maven Dependency Check plugin with proper configuration
---
 pom.xml                         | 40 ++++++++++++++++++++++++++++++++++++++
 src/etc/project-suppression.xml | 43 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/pom.xml b/pom.xml
index ba12efa..8f78d78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,6 +45,28 @@
         <jetty-plugin.version>9.4.22.v20191022</jetty-plugin.version>
     </properties>
 
+    <profiles>
+        <profile>
+            <id>dependency-check</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
     <modules>
         <module>action-chaining</module>
         <module>annotations</module>
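Review bot: The verify-phase `check` execution lives inside a profile with no `<activation>`, so a plain `mvn verify` never runs the scan; if opt-in is the intent, say so next to the profile, e.g. `<!-- opt-in: run with mvn verify -Pdependency-check -->` above `<id>dependency-check</id>`, and otherwise add an activation so CI picks it up by default. The plugin declaration here carries no `<version>`, which only works because the `<pluginManagement>` entry in the next hunk supplies 5.2.2; that coupling is worth a one-line comment. The enclosing `<project>` element starts and ends outside this hunk.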
@@ -137,6 +159,24 @@
             </plugin>
         </plugins>
 
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>5.2.2</version>
+                    <configuration>
+                        <suppressionFiles>
+                            <suppressionFile>src/etc/project-suppression.xml</suppressionFile>
+                        </suppressionFiles>
+                        <failBuildOnCVSS>7</failBuildOnCVSS>
+                        <skipProvidedScope>true</skipProvidedScope>
+                        <skipRuntimeScope>true</skipRuntimeScope>
+                    </configuration>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
     </build>
 
     <repositories>
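Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` excludes runtime-scope dependencies from the scan, yet those are packaged into a deployable war right alongside compile-scope ones, so a vulnerable runtime-only library would go unreported; drop that line and keep only `<skipProvidedScope>true</skipProvidedScope>` if the goal is to ignore container-supplied jars. `<failBuildOnCVSS>7</failBuildOnCVSS>` means findings scored below 7 are reported but never fail the build, which deserves a comment so a green build is not read as "no findings". The relative `src/etc/project-suppression.xml` path is inherited by every module through `<pluginManagement>`; I cannot tell from the hunk whether the plugin resolves it against the reactor root or each module's basedir, so verify it is still found when a child module is built on its own.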
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
new file mode 100644
index 0000000..30480cd
--- /dev/null
+++ b/src/etc/project-suppression.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+        This suppresses false positives identified on Struts Annotations.
+        ]]></notes>
+        <gav regex="true">org\.apache\.struts:struts\-annotations\:1\.0\.6.*$</gav>
+        <cpe>cpe:/a:apache:struts:1.0.6</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <gav regex="true">^org\.apache\.struts:struts\-core\:1\.3\.8.*$</gav>
+        <cpe>cpe:/a:apache:struts</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-tiles-1.3.8.jar]]></notes>
+        <gav regex="true">^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$</gav>
+        <cpe>cpe:/a:apache:struts</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-taglib-1.3.8.jar]]></notes>
+        <gav regex="true">^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$</gav>
+        <cpe>cpe:/a:apache:struts</cpe>
+    </suppress>
+</suppressions>
\ No newline at end of file
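Review bot: The three 1.3.8 suppressions silence every vulnerability matched to `cpe:/a:apache:struts` for struts-core, struts-tiles and struts-taglib, but those jars are genuine Apache Struts 1.3.8 artifacts, so the CPE match is correct rather than a false positive and the `file name: ...` notes do not record why the findings are accepted. Each `<notes>` should state the reason (for example that the module is a Struts 1 migration example not meant for deployment), and the suppressions should be time-boxed with the schema's `until` attribute, `<suppress until="YYYY-MM-DD">` (placeholder date), so they are revisited rather than carried indefinitely. The first suppression's regex lacks the `^` anchor the other three use; `^org\.apache\.struts:struts\-annotations\:1\.0\.6.*$` keeps the file consistent.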

