HADOOP-13198. Add support for OWASP's dependency-check. Contributed by Mike Yoder.

This commit is contained in:
Andrew Wang 2016-05-24 18:29:45 -07:00
parent edd716e99c
commit 09b866fd45

17
pom.xml
View File

@ -106,6 +106,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
<maven-checkstyle-plugin.version>2.15</maven-checkstyle-plugin.version>
<checkstyle.version>6.6</checkstyle.version>
<dependency-check-maven.version>1.3.6</dependency-check-maven.version>
<shell-executable>bash</shell-executable>
</properties>
@ -323,6 +324,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<outputFile>${project.build.directory}/test/checkstyle-errors.xml</outputFile>
</configuration>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${dependency-check-maven.version}</version>
</plugin>
</plugins>
</pluginManagement>
@ -394,6 +400,17 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven-checkstyle-plugin.version}</version>
</plugin>
<plugin>
<!-- OWASP's dependency-check plugin will scan the third party
dependencies of this project for known CVEs (security
vulnerabilities against them). It will produce a report
in target/dependency-check-report.html. To invoke, run
'mvn dependency-check:aggregate'
-->
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${dependency-check-maven.version}</version>
</plugin>
</plugins>
</build>