dependency-track/pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ This file is part of Dependency-Track.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~   http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  ~
  ~ SPDX-License-Identifier: Apache-2.0
  ~ Copyright (c) OWASP Foundation. All Rights Reserved.
  -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

    <parent>
        <groupId>us.springett</groupId>
        <artifactId>alpine-parent</artifactId>
        <version>3.3.0</version>
    </parent>

    <modelVersion>4.0.0</modelVersion>
    <groupId>org.dependencytrack</groupId>
    <artifactId>dependency-track</artifactId>
    <packaging>war</packaging>
    <version>4.14.0-SNAPSHOT</version>

    <name>Dependency-Track</name>
    <url>https://dependencytrack.org/</url>
    <description>Dependency-Track is an intelligent component analysis platform that allows organizations to identify and reduce risk in the software supply chain.</description>
    <inceptionYear>2013</inceptionYear>
    <organization>
        <name>OWASP</name>
    </organization>

    <licenses>
        <license>
            <name>Apache-2.0</name>
            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
            <distribution>repo</distribution>
        </license>
    </licenses>

    <developers>
        <developer>
            <name>Steve Springett</name>
            <email>Steve.Springett@owasp.org</email>
            <organization>OWASP</organization>
            <organizationUrl>http://www.owasp.org/</organizationUrl>
            <roles>
                <role>Architect</role>
                <role>Developer</role>
            </roles>
        </developer>
    </developers>

    <scm>
        <connection>scm:git:git@github.com:DependencyTrack/dependency-track.git</connection>
        <url>https://github.com/DependencyTrack/dependency-track.git</url>
        <developerConnection>scm:git:git@github.com:DependencyTrack/dependency-track.git</developerConnection>
        <tag>HEAD</tag>
    </scm>

    <issueManagement>
        <system>github</system>
        <url>https://github.com/DependencyTrack/dependency-track/issues</url>
    </issueManagement>

    <ciManagement>
        <system>github-actions</system>
        <url>https://github.com/DependencyTrack/dependency-track/actions</url>
    </ciManagement>

    <properties>
        <!-- Java Version -->
        <maven.compiler.source>21</maven.compiler.source>
        <maven.compiler.target>21</maven.compiler.target>

        <!-- Dependency Versions -->
        <frontend.version>4.13.5</frontend.version>
        <lib.alpine.version>${project.parent.version}</lib.alpine.version>
        <lib.awaitility.version>4.3.0</lib.awaitility.version>
        <lib.brotli-decoder.version>0.1.2</lib.brotli-decoder.version>
        <lib.checkstyle.version>12.0.1</lib.checkstyle.version>
        <lib.cloud-sql-connector-jdbc-sqlserver.version>1.25.3</lib.cloud-sql-connector-jdbc-sqlserver.version>
        <lib.cloud-sql-mysql-socket-factory-connector-j-8.version>1.25.3</lib.cloud-sql-mysql-socket-factory-connector-j-8.version>
        <lib.cloud-sql-postgres-socket-factory.version>1.25.3</lib.cloud-sql-postgres-socket-factory.version>
        <lib.cpe-parser.version>3.0.0</lib.cpe-parser.version>
        <lib.commons-compress.version>1.28.0</lib.commons-compress.version>
        <lib.commons-text.version>1.14.0</lib.commons-text.version>
        <lib.ae-security.version>0.145.2</lib.ae-security.version>
        <lib.owasp-rr-calculator.version>1.0.1</lib.owasp-rr-calculator.version>
        <lib.cyclonedx-java.version>11.0.0</lib.cyclonedx-java.version>
        <lib.jakarta-validation.version>3.1.1</lib.jakarta-validation.version>
        <lib.greenmail.version>2.1.7</lib.greenmail.version>
        <lib.json-java.version>20250517</lib.json-java.version>
        <lib.json-unit.version>5.0.0</lib.json-unit.version>
        <lib.junit.version>5.11.4</lib.junit.version>
        <lib.lucene.version>8.11.4</lib.lucene.version>
        <lib.maven-artifact.version>3.9.11</lib.maven-artifact.version>
        <lib.mockserver-netty.version>5.15.0</lib.mockserver-netty.version>
        <lib.open-vulnerability-clients.version>9.0.1</lib.open-vulnerability-clients.version>
        <lib.packageurl.version>1.5.0</lib.packageurl.version>
        <lib.pebble.version>3.2.4</lib.pebble.version>
        <lib.protobuf-java.version>4.32.1</lib.protobuf-java.version>
        <lib.resilience4j.version>2.3.0</lib.resilience4j.version>
        <lib.swagger-parser.version>2.1.35</lib.swagger-parser.version>
        <lib.junit-pioneer.version>2.3.0</lib.junit-pioneer.version>
        <lib.testcontainers.version>2.0.0</lib.testcontainers.version>
        <lib.wiremock.version>2.35.2</lib.wiremock.version>
        <lib.woodstox.version>7.1.1</lib.woodstox.version>
        <lib.signpost-core.version>2.1.1</lib.signpost-core.version>
        <lib.httpclient.version>4.5.14</lib.httpclient.version>
        <lib.httpclient5.version>5.5.1</lib.httpclient5.version>
        <lib.log4j-over-slf4j.version>2.0.17</lib.log4j-over-slf4j.version>
        <lib.org-kohsuke-github-api.version>1.330</lib.org-kohsuke-github-api.version>
        <lib.com-asahaf-javacron.version>1.4.0</lib.com-asahaf-javacron.version>
        <!-- JDBC Drivers -->
        <lib.jdbc-driver.mssql.version>13.2.1.jre11</lib.jdbc-driver.mssql.version>
        <lib.jdbc-driver.mysql.version>8.2.0</lib.jdbc-driver.mysql.version>
        <lib.jdbc-driver.postgresql.version>42.7.8</lib.jdbc-driver.postgresql.version>
        <!-- Maven Plugin Properties -->
        <plugin.retirejs.breakOnFailure>false</plugin.retirejs.breakOnFailure>
        <plugin.jetty.version>12.1.2</plugin.jetty.version>
        <plugin.protoc-jar.version>3.11.4</plugin.protoc-jar.version>
        <!-- SonarCloud properties -->
        <sonar.exclusions>src/main/webapp/**</sonar.exclusions>
        <!-- CycloneDX CLI -->
        <cyclonedx-cli.path>cyclonedx</cyclonedx-cli.path>
        <services.bom.merge.skip>true</services.bom.merge.skip>
    </properties>

    <dependencies>
        <!-- Alpine -->
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>alpine-common</artifactId>
            <version>${lib.alpine.version}</version>
        </dependency>
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>alpine-model</artifactId>
            <version>${lib.alpine.version}</version>
        </dependency>
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>alpine-infra</artifactId>
            <version>${lib.alpine.version}</version>
        </dependency>
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>alpine-server</artifactId>
            <version>${lib.alpine.version}</version>
        </dependency>
        <!-- AE Security -->
        <dependency>
            <groupId>org.metaeffekt.core</groupId>
            <artifactId>ae-security</artifactId>
            <version>${lib.ae-security.version}</version>
        </dependency>
        <!-- OWASP Risk Rating calculator -->
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>owasp-risk-rating-calculator</artifactId>
            <version>${lib.owasp-rr-calculator.version}</version>
        </dependency>
        <!-- CPE Parser -->
        <dependency>
            <groupId>us.springett</groupId>
            <artifactId>cpe-parser</artifactId>
            <version>${lib.cpe-parser.version}</version>
        </dependency>
        <!-- CycloneDX -->
        <dependency>
            <groupId>org.cyclonedx</groupId>
            <artifactId>cyclonedx-core-java</artifactId>
            <version>${lib.cyclonedx-java.version}</version>
        </dependency>

        <!-- org.json
        This was previously transitively included with Unirest. However, Unirest v3.x removed reliance on org.json
        in favor of their own API compatible replacement. Therefore, it was necessary to directly include org.json.
        Removal of org.json is documented in https://github.com/DependencyTrack/dependency-track/issues/1113 -->
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>${lib.json-java.version}</version>
        </dependency>

        <dependency>
            <groupId>jakarta.servlet</groupId>
            <artifactId>jakarta.servlet-api</artifactId>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>jakarta.validation</groupId>
            <artifactId>jakarta.validation-api</artifactId>
            <version>${lib.jakarta-validation.version}</version>
        </dependency>

        <dependency>
            <groupId>com.github.package-url</groupId>
            <artifactId>packageurl-java</artifactId>
            <version>${lib.packageurl.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.lucene</groupId>
            <artifactId>lucene-core</artifactId>
            <version>${lib.lucene.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.lucene</groupId>
            <artifactId>lucene-analyzers-common</artifactId>
            <version>${lib.lucene.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.lucene</groupId>
            <artifactId>lucene-queryparser</artifactId>
            <version>${lib.lucene.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.lucene</groupId>
            <artifactId>lucene-queries</artifactId>
            <version>${lib.lucene.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.lucene</groupId>
            <artifactId>lucene-sandbox</artifactId>
            <version>${lib.lucene.version}</version>
        </dependency>

        <dependency>
            <groupId>io.github.jeremylong</groupId>
            <artifactId>open-vulnerability-clients</artifactId>
            <version>${lib.open-vulnerability-clients.version}</version>
        </dependency>

        <dependency>
            <groupId>io.pebbletemplates</groupId>
            <artifactId>pebble</artifactId>
            <version>${lib.pebble.version}</version>
        </dependency>

        <dependency>
            <groupId>com.google.protobuf</groupId>
            <artifactId>protobuf-java</artifactId>
            <version>${lib.protobuf-java.version}</version>
        </dependency>
        <dependency>
            <groupId>com.google.protobuf</groupId>
            <artifactId>protobuf-java-util</artifactId>
            <version>${lib.protobuf-java.version}</version>
        </dependency>

        <dependency>
            <groupId>io.swagger.core.v3</groupId>
            <artifactId>swagger-jaxrs2-jakarta</artifactId>
            <version>${lib.swagger.version}</version>
        </dependency>
        <dependency>
            <groupId>io.swagger.parser.v3</groupId>
            <artifactId>swagger-parser</artifactId>
            <version>${lib.swagger-parser.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>${lib.httpclient.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.httpcomponents.client5</groupId>
            <artifactId>httpclient5</artifactId>
            <version>${lib.httpclient5.version}</version>
        </dependency>

        <dependency>
            <groupId>oauth.signpost</groupId>
            <artifactId>signpost-core</artifactId>
            <version>${lib.signpost-core.version}</version>
        </dependency>

        <dependency>
            <groupId>org.brotli</groupId>
            <artifactId>dec</artifactId>
            <version>${lib.brotli-decoder.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpmime</artifactId>
            <version>${lib.httpclient.version}</version>
        </dependency>

        <dependency>
            <groupId>com.fasterxml.woodstox</groupId>
            <artifactId>woodstox-core</artifactId>
            <version>${lib.woodstox.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.maven</groupId>
            <artifactId>maven-artifact</artifactId>
            <version>${lib.maven-artifact.version}</version>
        </dependency>

        <dependency>
            <groupId>com.microsoft.sqlserver</groupId>
            <artifactId>mssql-jdbc</artifactId>
            <version>${lib.jdbc-driver.mssql.version}</version>
        </dependency>
        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
            <version>${lib.jdbc-driver.mysql.version}</version>
            <exclusions>
                <!--
                    Protobuf is only required for MySQL X DevAPI, which we do not use.
                    https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-installing-maven.html
                -->
                <exclusion>
                    <groupId>com.google.protobuf</groupId>
                    <artifactId>protobuf-java</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
            <version>${lib.jdbc-driver.postgresql.version}</version>
        </dependency>
        <dependency>
            <groupId>com.google.cloud.sql</groupId>
            <artifactId>mysql-socket-factory-connector-j-8</artifactId>
            <version>${lib.cloud-sql-mysql-socket-factory-connector-j-8.version}</version>
        </dependency>
        <dependency>
            <groupId>com.google.cloud.sql</groupId>
            <artifactId>postgres-socket-factory</artifactId>
            <version>${lib.cloud-sql-postgres-socket-factory.version}</version>
        </dependency>
        <dependency>
            <groupId>com.google.cloud.sql</groupId>
            <artifactId>cloud-sql-connector-jdbc-sqlserver</artifactId>
            <version>${lib.cloud-sql-connector-jdbc-sqlserver.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-compress</artifactId>
            <version>${lib.commons-compress.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-text</artifactId>
            <version>${lib.commons-text.version}</version>
        </dependency>

        <dependency>
            <groupId>io.github.resilience4j</groupId>
            <artifactId>resilience4j-retry</artifactId>
            <version>${lib.resilience4j.version}</version>
        </dependency>
        <dependency>
            <groupId>io.github.resilience4j</groupId>
            <artifactId>resilience4j-ratelimiter</artifactId>
            <version>${lib.resilience4j.version}</version>
        </dependency>
        <dependency>
            <groupId>io.github.resilience4j</groupId>
            <artifactId>resilience4j-micrometer</artifactId>
            <version>${lib.resilience4j.version}</version>
        </dependency>

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>log4j-over-slf4j</artifactId>
            <version>${lib.log4j-over-slf4j.version}</version>
        </dependency>

        <dependency>
            <groupId>org.kohsuke</groupId>
            <artifactId>github-api</artifactId>
            <version>${lib.org-kohsuke-github-api.version}</version>
        </dependency>

        <dependency>
            <groupId>com.asahaf.javacron</groupId>
            <artifactId>javacron</artifactId>
            <version>${lib.com-asahaf-javacron.version}</version>
        </dependency>

        <!-- Test Dependencies -->
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
            <version>${lib.junit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-api</artifactId>
            <version>${lib.junit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-engine</artifactId>
            <version>${lib.junit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.test-framework.providers</groupId>
            <artifactId>jersey-test-framework-provider-grizzly2</artifactId>
            <version>${lib.jersey.version}</version>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>junit</groupId>
                    <artifactId>junit</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.connectors</groupId>
            <artifactId>jersey-grizzly-connector</artifactId>
            <version>${lib.jersey.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
            <version>${lib.mockito.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>com.github.tomakehurst</groupId>
            <artifactId>wiremock-jre8-standalone</artifactId>
            <version>${lib.wiremock.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.junit-pioneer</groupId>
            <artifactId>junit-pioneer</artifactId>
            <version>${lib.junit-pioneer.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.assertj</groupId>
            <artifactId>assertj-core</artifactId>
            <version>${lib.assertj.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>net.javacrumbs.json-unit</groupId>
            <artifactId>json-unit-assertj</artifactId>
            <version>${lib.json-unit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mock-server</groupId>
            <artifactId>mockserver-netty</artifactId>
            <version>${lib.mockserver-netty.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
            <version>${lib.awaitility.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.icegreen</groupId>
            <artifactId>greenmail-junit5</artifactId>
            <version>${lib.greenmail.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.testcontainers</groupId>
            <artifactId>testcontainers</artifactId>
            <version>${lib.testcontainers.version}</version>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <finalName>${project.artifactId}</finalName>
        <resources>
            <resource>
                <directory>src/main/resources</directory>
                <filtering>false</filtering>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
                <filtering>true</filtering>
                <includes>
                    <include>application.version</include>
                    <include>openapi-configuration.yaml</include>
                </includes>
            </resource>
        </resources>
        <testResources>
            <testResource>
                <directory>src/test/resources</directory>
                <filtering>false</filtering>
            </testResource>
        </testResources>
        <pluginManagement>
            <plugins>
                <!--
                    Plugin invocation is inherited from alpine-parent.
                    Because this is an application, there's no point in attaching sources.
                 -->
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-source-plugin</artifactId>
                    <executions>
                        <execution>
                            <id>attach-sources</id>
                            <phase>none</phase>
                        </execution>
                    </executions>
                </plugin>

                <!--
                    Plugin invocation is inherited from alpine-parent.
                    Because this is an application, there's no point in attaching javadocs.
                 -->
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-javadoc-plugin</artifactId>
                    <executions>
                        <execution>
                            <id>attach-javadocs</id>
                            <phase>none</phase>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-checkstyle-plugin</artifactId>
                <version>3.6.0</version>
                <configuration>
                    <configLocation>${project.basedir}/.checkstyle.xml</configLocation>
                    <includeResources>false</includeResources>
                    <includeTestResources>false</includeTestResources>
                </configuration>
                <executions>
                    <execution>
                        <phase>validate</phase>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
                <dependencies>
                    <dependency>
                        <groupId>com.puppycrawl.tools</groupId>
                        <artifactId>checkstyle</artifactId>
                        <version>${lib.checkstyle.version}</version>
                    </dependency>
                </dependencies>
            </plugin>
            <plugin>
                <groupId>io.github.ascopes</groupId>
                <artifactId>protobuf-maven-plugin</artifactId>
                <version>3.10.1</version>
                <configuration>
                    <protocVersion>${lib.protobuf-java.version}</protocVersion>
                    <sourceDirectories>
                        <sourceDirectory>${project.basedir}/src/main/proto</sourceDirectory>
                    </sourceDirectories>
                </configuration>
                <executions>
                    <execution>
                        <phase>generate-sources</phase>
                        <goals>
                            <goal>generate</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <configuration>
                    <systemProperties>
                        <property>
                            <name>java.util.logging.config.file</name>
                            <value>src/test/resources/logging.properties</value>
                        </property>
                    </systemProperties>
                    <reuseForks>true</reuseForks>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.jacoco</groupId>
                <artifactId>jacoco-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>org/dependencytrack/upgrade/**/*</exclude>
                        <exclude>trivy/proto/**/*</exclude>
                    </excludes>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.cyclonedx</groupId>
                <artifactId>cyclonedx-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <id>cyclonedx-aggregate</id>
                        <phase>prepare-package</phase>
                        <goals>
                            <goal>makeAggregateBom</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <projectType>application</projectType>
                    <schemaVersion>1.5</schemaVersion>
                    <includeCompileScope>true</includeCompileScope>
                    <includeProvidedScope>true</includeProvidedScope>
                    <includeRuntimeScope>true</includeRuntimeScope>
                    <includeSystemScope>true</includeSystemScope>
                    <includeTestScope>false</includeTestScope>
                    <includeLicenseText>false</includeLicenseText>
                    <outputReactorProjects>true</outputReactorProjects>
                    <outputFormat>json</outputFormat>
                    <skipNotDeployed>false</skipNotDeployed>
                    <externalReferences>
                        <externalReference>
                            <type>advisories</type>
                            <url>https://github.com/DependencyTrack/dependency-track/security/advisories</url>
                        </externalReference>
                        <externalReference>
                            <type>chat</type>
                            <url>https://dependencytrack.org/slack</url>
                        </externalReference>
                        <externalReference>
                            <type>documentation</type>
                            <url>https://docs.dependencytrack.org/</url>
                        </externalReference>
                        <externalReference>
                            <type>release-notes</type>
                            <url>https://docs.dependencytrack.org/changelog/</url>
                        </externalReference>
                        <externalReference>
                            <type>security-contact</type>
                            <url>mailto:security@dependencytrack.org</url>
                        </externalReference>
                        <externalReference>
                            <type>social</type>
                            <url>https://www.linkedin.com/company/owasp-dependency-track</url>
                        </externalReference>
                        <externalReference>
                            <type>social</type>
                            <url>https://x.com/dependencytrack</url>
                        </externalReference>
                    </externalReferences>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>exec-maven-plugin</artifactId>
                <version>3.6.1</version>
                <executions>
                    <execution>
                        <id>merge-services-bom</id>
                        <phase>prepare-package</phase>
                        <goals>
                            <goal>exec</goal>
                        </goals>
                        <configuration>
                            <executable>${cyclonedx-cli.path}</executable>
                            <arguments>
                                <argument>merge</argument>
                                <argument>--input-files</argument>
                                <argument>${project.build.directory}/bom.json</argument>
                                <argument>${project.basedir}/src/main/resources/services.bom.json</argument>
                                <argument>--output-file</argument>
                                <argument>${project.build.directory}/bom.json</argument>
                            </arguments>
                            <skip>${services.bom.merge.skip}</skip>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-antrun-plugin</artifactId>
                <version>3.1.0</version>
                <executions>
                    <execution>
                        <id>deploy-bom</id>
                        <phase>prepare-package</phase>
                        <configuration>
                            <target>
                                <copy file="${project.build.directory}/bom.json"
                                      tofile="${project.build.directory}/${project.artifactId}/.well-known/sbom"/>
                            </target>
                        </configuration>
                        <goals>
                            <goal>run</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.eclipse.jetty.ee10</groupId>
                <artifactId>jetty-ee10-maven-plugin</artifactId>
                <version>${plugin.jetty.version}</version>
                <configuration>
                    <systemProperties>
                        <dev.mode.enabled>true</dev.mode.enabled>
                    </systemProperties>
                    <webApp>
                        <!-- Disable classpath scanning. -->
                        <containerIncludeJarPattern>^$</containerIncludeJarPattern>
                        <webInfIncludeJarPattern>^$</webInfIncludeJarPattern>
                    </webApp>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <profiles>
        <profile>
            <id>quick</id>
            <activation>
                <property>
                    <name>quickly</name>
                </property>
            </activation>
            <properties>
                <checkstyle.skip>true</checkstyle.skip>
                <jacoco.skip>true</jacoco.skip>
                <maven.test.skip>true</maven.test.skip>
            </properties>
        </profile>
        <profile>
            <id>clean-exclude-wars</id>
            <build>
                <pluginManagement>
                    <plugins>
                        <plugin>
                            <groupId>org.apache.maven.plugins</groupId>
                            <artifactId>maven-clean-plugin</artifactId>
                            <version>3.5.0</version>
                            <configuration>
                                <excludeDefaultDirectories>true</excludeDefaultDirectories>
                                <filesets>
                                    <fileset>
                                        <directory>target</directory>
                                        <followSymlinks>false</followSymlinks>
                                        <useDefaultExcludes>false</useDefaultExcludes>
                                        <includes>
                                            <include>*/</include>
                                        </includes>
                                        <excludes>
                                            <exclude>dependency-track*.jar</exclude>
                                        </excludes>
                                    </fileset>
                                </filesets>
                            </configuration>
                        </plugin>
                    </plugins>
                </pluginManagement>
            </build>
        </profile>
        <profile>
            <id>embedded-jetty</id>
            <activation>
                <property>
                    <name>env.ACTIVATE_EMBEDDED_JETTY</name>
                    <value>true</value>
                </property>
            </activation>
            <properties>
                <war-embedded-finalname>${project.build.finalName}-apiserver</war-embedded-finalname>
            </properties>
        </profile>
        <profile>
            <id>h2-console</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.eclipse.jetty.ee10</groupId>
                        <artifactId>jetty-ee10-maven-plugin</artifactId>
                        <version>${plugin.jetty.version}</version>
                        <configuration>
                            <systemProperties>
                                <dev.mode.enabled>true</dev.mode.enabled>
                            </systemProperties>
                            <webApp>
                                <!-- Disable classpath scanning. -->
                                <containerIncludeJarPattern>^$</containerIncludeJarPattern>
                                <webInfIncludeJarPattern>^$</webInfIncludeJarPattern>
                                <overrideDescriptor>src/test/webapp/WEB-INF/h2-console-web.xml</overrideDescriptor>
                            </webApp>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <id>bundle-ui</id>
            <activation>
                <property>
                    <name>env.ACTIVATE_BUNDLE_UI</name>
                    <value>true</value>
                </property>
            </activation>
            <properties>
                <war-embedded-finalname>${project.build.finalName}-bundled</war-embedded-finalname>
            </properties>
            <build>
                <plugins>
                    <plugin>
                        <artifactId>maven-antrun-plugin</artifactId>
                        <version>3.1.0</version>
                        <executions>
                            <execution>
                                <id>frontend-download</id>
                                <phase>prepare-package</phase>
                                <configuration>
                                    <target>
                                        <get src="https://github.com/DependencyTrack/frontend/releases/download/${frontend.version}/frontend-dist.zip" dest="${project.build.directory}" verbose="true"/>
                                    </target>
                                </configuration>
                                <goals>
                                    <goal>run</goal>
                                </goals>
                            </execution>
                            <execution>
                                <id>frontend-extract</id>
                                <phase>prepare-package</phase>
                                <configuration>
                                    <target>
                                        <unzip src="${project.build.directory}/frontend-dist.zip" dest="${project.build.directory}/frontend">
                                        </unzip>
                                    </target>
                                </configuration>
                                <goals>
                                    <goal>run</goal>
                                </goals>
                            </execution>
                            <execution>
                                <id>frontend-resource-deploy</id>
                                <phase>prepare-package</phase>
                                <configuration>
                                    <target>
                                        <copy todir="${project.build.directory}/${project.artifactId}">
                                            <fileset dir="${project.build.directory}/frontend/dist">
                                                <include name="**/*"/>
                                            </fileset>
                                        </copy>
                                    </target>
                                </configuration>
                                <goals>
                                    <goal>run</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>

</project>