From c473490da01c5909209b138034e1a1c85e174247 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Fri, 21 Oct 2016 16:41:30 -0700 Subject: [PATCH] HADOOP-13732. Upgrade OWASP dependency-check plugin version. Contributed by Mike Yoder. --- BUILDING.txt | 8 ++++++++ pom.xml | 5 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILDING.txt b/BUILDING.txt index 9d297f7c5e..1fbf8bb7d8 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -212,6 +212,14 @@ Maven build goals: and it ignores the -Disal.prefix option. If -Disal.lib isn't given, the bundling and building will fail. + Special plugins: OWASP's dependency-check: + + OWASP's dependency-check plugin will scan the third party dependencies + of this project for known CVEs (security vulnerabilities against them). + It will produce a report in target/dependency-check-report.html. To + invoke, run 'mvn dependency-check:aggregate'. Note that this plugin + requires maven 3.1.1 or greater. + ---------------------------------------------------------------------------------- Building components separately diff --git a/pom.xml b/pom.xml index 1a3cd28a68..860c2d72c7 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs 1.0.0 2.15 6.6 - 1.3.6 + 1.4.3 bash @@ -407,7 +407,8 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs dependencies of this project for known CVEs (security vulnerabilities against them). It will produce a report in target/dependency-check-report.html. To invoke, run - 'mvn dependency-check:aggregate' + 'mvn dependency-check:aggregate'. Note that this plugin + requires maven 3.1.1 or greater. --> org.owasp dependency-check-maven