FIPS-11836/FIPS-11828 :: Add DependencyCheck
Change-Id: Ib3bb4ea62c7b8870c6977449a61098a6285a4077
(cherry picked from commit 0d1b441)
hd42 committed Jun 25, 2024
1 parent a086b25 commit b612261
Showing 5 changed files with 96 additions and 7 deletions.
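--- a/.ci/Jenkinsfile
+++ b/.ci/Jenkinsfile
@@ -44,6 +44,24 @@ pipeline {
 ]
 }
 }
+stage('Dependency-Check') {
+steps {
+dir('runtime'){
+withMaven(publisherStrategy: 'EXPLICIT') {
+dependencyCheck()
+}
+}
+dir('devtools/common'){
+withMaven(publisherStrategy: 'EXPLICIT') {
+dependencyCheck()
+}
+}
+rtp parserName: 'HTML', nullAction: '1', stableText: """
+<h2>Dependency-Check</h2>
+<a href='${env.BUILD_URL}artifact/dependency-check-report.html' target='_blank'>Dependency-Check Report</a>
+"""
+}
+}
 
 stage('Deploy Additional Artifacts') {
 steps {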
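Review bot: The `rtp` line links a single `${env.BUILD_URL}artifact/dependency-check-report.html`, but `dependencyCheck()` runs twice, in `runtime` and in `devtools/common`, and nothing in the hunk archives a report at the workspace root; unless `dependencyCheck()` (defined outside this file, presumably a shared-library step) merges or archives both reports under that name, the link will show at most one of the two results or nothing at all. Nothing visible gates the build on findings either, so the stage reads as report-only; whether the step applies its own severity threshold cannot be told from here, and the intended policy deserves a one-line comment such as `// Dependency-Check is report-only: no CVSS threshold fails the build` (or the threshold, if one is applied). The same stage is pasted verbatim into .ci/release.Jenkinsfile and .ci/review.Jenkinsfile; one shared step taking the list of directories would keep the three copies from drifting. The enclosing `pipeline` and `stages` blocks begin outside the hunk.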
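--- a/.ci/release.Jenkinsfile
+++ b/.ci/release.Jenkinsfile
@@ -156,6 +156,24 @@ pipeline {
 }
 }*/
 }
+stage('Dependency-Check') {
+steps {
+dir('runtime'){
+withMaven(publisherStrategy: 'EXPLICIT') {
+dependencyCheck()
+}
+}
+dir('devtools/common'){
+withMaven(publisherStrategy: 'EXPLICIT') {
+dependencyCheck()
+}
+}
+rtp parserName: 'HTML', nullAction: '1', stableText: """
+<h2>Dependency-Check</h2>
+<a href='${env.BUILD_URL}artifact/dependency-check-report.html' target='_blank'>Dependency-Check Report</a>
+"""
+}
+}
 
 stage('Deployment of Artifacts') {
 steps {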
20 changes: 19 additions & 1 deletion .ci/review.Jenkinsfile
Expand Up @@ -31,11 +31,29 @@ pipeline {
osSpecificMaven commands: [
"mvn -U -V -fae -e clean install -f codequality-config",
"mvn -U -V -T 8 -fae -e clean install -DskipTests=true -Dmaven.skip.tests=true -pl :targets -am -Dtycho.localArtifacts=ignore",
"mvn -U -V -T 8 -fae -e clean verify site -Dtycho.localArtifacts=ignore"
"mvn -U -V -T 8 -fae -e clean install site -Dtycho.localArtifacts=ignore"
// site:site is not called for the review, as it depends on base and runtime which are not installed when built with only verify
]
}
}
stage('Dependency-Check') {
steps {
dir('runtime'){
withMaven(publisherStrategy: 'EXPLICIT') {
dependencyCheck()
}
}
dir('devtools/common'){
withMaven(publisherStrategy: 'EXPLICIT') {
dependencyCheck()
}
}
rtp parserName: 'HTML', nullAction: '1', stableText: """
<h2>Dependency-Check</h2>
<a href='${env.BUILD_URL}artifact/dependency-check-report.html' target='_blank'>Dependency-Check Report</a>
"""
}
}
stage('Prepare Artifacts for Archiving') {
steps {
sh '''
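Review bot: The comment following the changed `mvn ... clean install site ...` command still says that `site:site` is skipped because base and runtime are "not installed when built with only verify", which no longer describes the command if `install` is the new side of the pair printed above it (the rendered page has lost the +/- markers, so this is inferred). It should be rewritten to the current rationale, for example `// install rather than verify so base and runtime are in the local repository for the site and Dependency-Check stages`, if that is indeed why the goal changed. The `stage` enclosing `osSpecificMaven` begins outside the hunk.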
1 change: 0 additions & 1 deletion devtools/common/pom.xml
Expand Up @@ -86,5 +86,4 @@
</plugin>
</plugins>
</build>

</project>
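--- a/pom.xml
+++ b/pom.xml
@@ -101,6 +101,8 @@ license terms are available from Faktor Zehn GmbH.</comments>
 <moditect-maven-plugin.version>1.0.0.Final</moditect-maven-plugin.version>
 <flatten-maven-plugin.version>1.5.0</flatten-maven-plugin.version>
 <auto-service.version>1.1.1</auto-service.version>
+<dependency-check-plugin.version>9.1.0</dependency-check-plugin.version>
+<dependency-check-postgres.version>42.7.3</dependency-check-postgres.version>
 </properties>
 
 <distributionManagement>
@@ -399,11 +401,6 @@ license terms are available from Faktor Zehn GmbH.</comments>
 <artifactId>jacoco-maven-plugin</artifactId>
 <version>${jacoco.version}</version>
 </plugin>
-<plugin>
-<groupId>org.eclipse.tycho</groupId>
-<artifactId>tycho-p2-plugin</artifactId>
-<version>${tycho.version}</version>
-</plugin>
 </plugins>
 </pluginManagement>
 <plugins>
@@ -483,4 +480,43 @@ license terms are available from Faktor Zehn GmbH.</comments>
 </plugin>
 </plugins>
 </reporting>
+<profiles>
+<profile>
+<id>DependencyCheck</id>
+<build>
+<plugins>
+<plugin>
+<groupId>org.owasp</groupId>
+<artifactId>dependency-check-maven</artifactId>
+<version>${dependency-check-plugin.version}</version>
+<dependencies>
+<dependency>
+<groupId>org.postgresql</groupId>
+<artifactId>postgresql</artifactId>
+<version>${dependency-check-postgres.version}</version>
+</dependency>
+<dependency>
+<groupId>commons-collections</groupId>
+<artifactId>commons-collections</artifactId>
+<version>3.2.2</version>
+</dependency>
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-pool2</artifactId>
+<version>2.12.0</version>
+</dependency>
+</dependencies>
+<configuration>
+<databaseDriverName>org.postgresql.Driver</databaseDriverName>
+<!-- DB config must be set via parameters -->
+<autoUpdate>false</autoUpdate>
+<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
+<nodeAuditAnalyzerEnabled>false</nodeAuditAnalyzerEnabled>
+<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
+</configuration>
+</plugin>
+</plugins>
+</build>
+</profile>
+</profiles>
 </project>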
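Review bot: The `DependencyCheck` profile sets no `failBuildOnCVSS`, so with the plugin's default the scan never fails the build on findings and the report is advisory only; if the intent is to gate, add `<failBuildOnCVSS>7</failBuildOnCVSS>` (the threshold value here is an example) next to `<autoUpdate>false</autoUpdate>`, together with a suppression file for reviewed findings. With `autoUpdate` disabled the results are only as current as the external PostgreSQL database behind `databaseDriverName`, and nothing here checks its age, so the comment `<!-- DB config must be set via parameters -->` should name the expected parameters (`connectionString`, `databaseUser`, `databasePassword`, supplied through the CI credentials store so they are masked in console output) and who is responsible for refreshing the NVD data. The `tycho-p2-plugin` removal in the `pluginManagement` hunk is unrelated to the commit title and should be mentioned in the commit message. How the profile gets activated is not visible in this commit; presumably the Jenkins `dependencyCheck()` step invokes Maven with it.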
