Bumps org.metaeffekt.core:ae-security from 0.144.1 to 0.145.0. --- updated-dependencies: - dependency-name: org.metaeffekt.core:ae-security dependency-version: 0.145.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ This file is part of Dependency-Track.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~   http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  ~
  ~ SPDX-License-Identifier: Apache-2.0
  ~ Copyright (c) OWASP Foundation. All Rights Reserved.
  -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Parent POM. Plugin invocations are inherited from alpine-parent; dependency
     and plugin versions that are not stated in this file presumably come from it too. -->
<parent>
    <groupId>us.springett</groupId>
    <artifactId>alpine-parent</artifactId>
    <version>3.3.0</version>
</parent>

<!-- Coordinates of this module. It is built as a WAR. -->
<modelVersion>4.0.0</modelVersion>
<groupId>org.dependencytrack</groupId>
<artifactId>dependency-track</artifactId>
<packaging>war</packaging>
<version>4.14.0-SNAPSHOT</version>

<!-- Descriptive project metadata. -->
<name>Dependency-Track</name>
<url>https://dependencytrack.org/</url>
<description>Dependency-Track is an intelligent component analysis platform that allows organizations to identify and reduce risk in the software supply chain.</description>
<inceptionYear>2013</inceptionYear>
<organization>
    <name>OWASP</name>
</organization>

<!-- License under which the artifact is distributed. -->
<licenses>
    <license>
        <name>Apache-2.0</name>
        <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
        <distribution>repo</distribution>
    </license>
</licenses>

<!-- Project developers. -->
<developers>
    <developer>
        <name>Steve Springett</name>
        <email>Steve.Springett@owasp.org</email>
        <organization>OWASP</organization>
        <organizationUrl>http://www.owasp.org/</organizationUrl>
        <roles>
            <role>Architect</role>
            <role>Developer</role>
        </roles>
    </developer>
</developers>

<!-- Source repository. Both SCM connections use the SSH form of the GitHub URL. -->
<scm>
    <connection>scm:git:git@github.com:DependencyTrack/dependency-track.git</connection>
    <url>https://github.com/DependencyTrack/dependency-track.git</url>
    <developerConnection>scm:git:git@github.com:DependencyTrack/dependency-track.git</developerConnection>
    <tag>HEAD</tag>
</scm>

<!-- Issue tracker and CI system, both hosted on GitHub. -->
<issueManagement>
    <system>github</system>
    <url>https://github.com/DependencyTrack/dependency-track/issues</url>
</issueManagement>

<ciManagement>
    <system>github-actions</system>
    <url>https://github.com/DependencyTrack/dependency-track/actions</url>
</ciManagement>
<!--
  Build properties. Every direct dependency version is pinned here in one place,
  so a version bump is a one-line change that is easy to review.
-->
<properties>
    <!-- Java source and target level -->
    <maven.compiler.source>21</maven.compiler.source>
    <maven.compiler.target>21</maven.compiler.target>

    <!-- Version of the frontend release that the bundle-ui profile downloads -->
    <frontend.version>4.13.4</frontend.version>

    <!-- Library versions. The Alpine modules always follow the parent POM version. -->
    <lib.alpine.version>${project.parent.version}</lib.alpine.version>
    <lib.awaitility.version>4.3.0</lib.awaitility.version>
    <lib.brotli-decoder.version>0.1.2</lib.brotli-decoder.version>
    <lib.checkstyle.version>11.1.0</lib.checkstyle.version>
    <lib.cloud-sql-connector-jdbc-sqlserver.version>1.25.3</lib.cloud-sql-connector-jdbc-sqlserver.version>
    <lib.cloud-sql-mysql-socket-factory-connector-j-8.version>1.25.3</lib.cloud-sql-mysql-socket-factory-connector-j-8.version>
    <lib.cloud-sql-postgres-socket-factory.version>1.25.3</lib.cloud-sql-postgres-socket-factory.version>
    <lib.cpe-parser.version>3.0.0</lib.cpe-parser.version>
    <lib.commons-compress.version>1.28.0</lib.commons-compress.version>
    <lib.commons-text.version>1.14.0</lib.commons-text.version>
    <lib.ae-security.version>0.145.0</lib.ae-security.version>
    <lib.owasp-rr-calculator.version>1.0.1</lib.owasp-rr-calculator.version>
    <lib.cyclonedx-java.version>11.0.0</lib.cyclonedx-java.version>
    <lib.jakarta-validation.version>3.1.1</lib.jakarta-validation.version>
    <lib.greenmail.version>2.1.6</lib.greenmail.version>
    <lib.json-java.version>20250517</lib.json-java.version>
    <lib.json-unit.version>4.1.1</lib.json-unit.version>
    <lib.junit.version>5.11.4</lib.junit.version>
    <lib.lucene.version>8.11.4</lib.lucene.version>
    <lib.maven-artifact.version>3.9.11</lib.maven-artifact.version>
    <lib.mockserver-netty.version>5.15.0</lib.mockserver-netty.version>
    <lib.open-vulnerability-clients.version>9.0.1</lib.open-vulnerability-clients.version>
    <lib.packageurl.version>1.5.0</lib.packageurl.version>
    <lib.pebble.version>3.2.4</lib.pebble.version>
    <!-- Also used as the protoc version by the protobuf-maven-plugin, keeping compiler and runtime aligned -->
    <lib.protobuf-java.version>4.32.1</lib.protobuf-java.version>
    <lib.resilience4j.version>2.3.0</lib.resilience4j.version>
    <lib.swagger-parser.version>2.1.34</lib.swagger-parser.version>
    <lib.junit-pioneer.version>2.3.0</lib.junit-pioneer.version>
    <lib.testcontainers.version>1.21.3</lib.testcontainers.version>
    <lib.wiremock.version>2.35.2</lib.wiremock.version>
    <lib.woodstox.version>7.1.1</lib.woodstox.version>
    <lib.signpost-core.version>2.1.1</lib.signpost-core.version>
    <!-- Shared by httpclient and httpmime -->
    <lib.httpclient.version>4.5.14</lib.httpclient.version>
    <lib.httpclient5.version>5.5.1</lib.httpclient5.version>
    <lib.log4j-over-slf4j.version>2.0.17</lib.log4j-over-slf4j.version>
    <lib.org-kohsuke-github-api.version>1.330</lib.org-kohsuke-github-api.version>
    <lib.com-asahaf-javacron.version>1.4.0</lib.com-asahaf-javacron.version>

    <!-- JDBC driver versions -->
    <lib.jdbc-driver.mssql.version>13.2.0.jre11</lib.jdbc-driver.mssql.version>
    <lib.jdbc-driver.mysql.version>8.2.0</lib.jdbc-driver.mysql.version>
    <lib.jdbc-driver.postgresql.version>42.7.8</lib.jdbc-driver.postgresql.version>

    <!-- Maven plugin settings.
         NOTE(review): plugin.retirejs.breakOnFailure and plugin.protoc-jar.version are not
         referenced anywhere else in this file; presumably they are read by the parent POM
         or are left over from an earlier setup. Confirm before relying on them. -->
    <plugin.retirejs.breakOnFailure>false</plugin.retirejs.breakOnFailure>
    <plugin.jetty.version>12.1.1</plugin.jetty.version>
    <plugin.protoc-jar.version>3.11.4</plugin.protoc-jar.version>

    <!-- SonarCloud: paths excluded from analysis -->
    <sonar.exclusions>src/main/webapp/**</sonar.exclusions>

    <!-- CycloneDX CLI: command used by the merge-services-bom execution, which is skipped by default -->
    <cyclonedx-cli.path>cyclonedx</cyclonedx-cli.path>
    <services.bom.merge.skip>true</services.bom.merge.skip>
</properties>
<!--
  Direct dependencies. Versions come from the lib.* properties of this POM, with these
  exceptions: jakarta.servlet-api declares no version, and lib.swagger.version,
  lib.jersey.version, lib.mockito.version and lib.assertj.version are not defined in this
  file. All of those are presumably supplied by alpine-parent (confirm against the parent
  POM). Declaration order is kept as is.
-->
<dependencies>
    <!-- Alpine framework modules -->
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>alpine-common</artifactId>
        <version>${lib.alpine.version}</version>
    </dependency>
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>alpine-model</artifactId>
        <version>${lib.alpine.version}</version>
    </dependency>
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>alpine-infra</artifactId>
        <version>${lib.alpine.version}</version>
    </dependency>
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>alpine-server</artifactId>
        <version>${lib.alpine.version}</version>
    </dependency>

    <!-- metaeffekt AE Security -->
    <dependency>
        <groupId>org.metaeffekt.core</groupId>
        <artifactId>ae-security</artifactId>
        <version>${lib.ae-security.version}</version>
    </dependency>

    <!-- OWASP Risk Rating calculator -->
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>owasp-risk-rating-calculator</artifactId>
        <version>${lib.owasp-rr-calculator.version}</version>
    </dependency>

    <!-- CPE parser -->
    <dependency>
        <groupId>us.springett</groupId>
        <artifactId>cpe-parser</artifactId>
        <version>${lib.cpe-parser.version}</version>
    </dependency>

    <!-- CycloneDX core library -->
    <dependency>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-core-java</artifactId>
        <version>${lib.cyclonedx-java.version}</version>
    </dependency>

    <!--
      org.json
      Previously pulled in transitively by Unirest. Unirest v3.x dropped org.json in favour
      of its own API-compatible replacement, so org.json has to be declared directly here.
      The removal is documented in https://github.com/DependencyTrack/dependency-track/issues/1113
    -->
    <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>${lib.json-java.version}</version>
    </dependency>

    <!-- Servlet API: provided scope, so it is expected from the servlet container and not packaged -->
    <dependency>
        <groupId>jakarta.servlet</groupId>
        <artifactId>jakarta.servlet-api</artifactId>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>jakarta.validation</groupId>
        <artifactId>jakarta.validation-api</artifactId>
        <version>${lib.jakarta-validation.version}</version>
    </dependency>

    <dependency>
        <groupId>com.github.package-url</groupId>
        <artifactId>packageurl-java</artifactId>
        <version>${lib.packageurl.version}</version>
    </dependency>

    <!-- Apache Lucene: all modules share one version property -->
    <dependency>
        <groupId>org.apache.lucene</groupId>
        <artifactId>lucene-core</artifactId>
        <version>${lib.lucene.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.lucene</groupId>
        <artifactId>lucene-analyzers-common</artifactId>
        <version>${lib.lucene.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.lucene</groupId>
        <artifactId>lucene-queryparser</artifactId>
        <version>${lib.lucene.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.lucene</groupId>
        <artifactId>lucene-queries</artifactId>
        <version>${lib.lucene.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.lucene</groupId>
        <artifactId>lucene-sandbox</artifactId>
        <version>${lib.lucene.version}</version>
    </dependency>

    <dependency>
        <groupId>io.github.jeremylong</groupId>
        <artifactId>open-vulnerability-clients</artifactId>
        <version>${lib.open-vulnerability-clients.version}</version>
    </dependency>

    <dependency>
        <groupId>io.pebbletemplates</groupId>
        <artifactId>pebble</artifactId>
        <version>${lib.pebble.version}</version>
    </dependency>

    <!-- Protocol Buffers runtime; the same property sets the protoc version used by the build -->
    <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-java</artifactId>
        <version>${lib.protobuf-java.version}</version>
    </dependency>
    <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-java-util</artifactId>
        <version>${lib.protobuf-java.version}</version>
    </dependency>

    <!-- Swagger / OpenAPI; the parser is needed by tests only -->
    <dependency>
        <groupId>io.swagger.core.v3</groupId>
        <artifactId>swagger-jaxrs2-jakarta</artifactId>
        <version>${lib.swagger.version}</version>
    </dependency>
    <dependency>
        <groupId>io.swagger.parser.v3</groupId>
        <artifactId>swagger-parser</artifactId>
        <version>${lib.swagger-parser.version}</version>
        <scope>test</scope>
    </dependency>

    <!-- Apache HttpClient 4.x and 5.x are both on the classpath -->
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>${lib.httpclient.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.httpcomponents.client5</groupId>
        <artifactId>httpclient5</artifactId>
        <version>${lib.httpclient5.version}</version>
    </dependency>

    <dependency>
        <groupId>oauth.signpost</groupId>
        <artifactId>signpost-core</artifactId>
        <version>${lib.signpost-core.version}</version>
    </dependency>

    <dependency>
        <groupId>org.brotli</groupId>
        <artifactId>dec</artifactId>
        <version>${lib.brotli-decoder.version}</version>
    </dependency>

    <!-- httpmime is versioned together with httpclient 4.x -->
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpmime</artifactId>
        <version>${lib.httpclient.version}</version>
    </dependency>

    <dependency>
        <groupId>com.fasterxml.woodstox</groupId>
        <artifactId>woodstox-core</artifactId>
        <version>${lib.woodstox.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.maven</groupId>
        <artifactId>maven-artifact</artifactId>
        <version>${lib.maven-artifact.version}</version>
    </dependency>

    <!-- JDBC drivers and Google Cloud SQL connectors -->
    <dependency>
        <groupId>com.microsoft.sqlserver</groupId>
        <artifactId>mssql-jdbc</artifactId>
        <version>${lib.jdbc-driver.mssql.version}</version>
    </dependency>
    <dependency>
        <groupId>com.mysql</groupId>
        <artifactId>mysql-connector-j</artifactId>
        <version>${lib.jdbc-driver.mysql.version}</version>
        <exclusions>
            <!--
              Protobuf is needed only for the MySQL X DevAPI, which is not used here.
              https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-installing-maven.html
            -->
            <exclusion>
                <groupId>com.google.protobuf</groupId>
                <artifactId>protobuf-java</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>${lib.jdbc-driver.postgresql.version}</version>
    </dependency>
    <dependency>
        <groupId>com.google.cloud.sql</groupId>
        <artifactId>mysql-socket-factory-connector-j-8</artifactId>
        <version>${lib.cloud-sql-mysql-socket-factory-connector-j-8.version}</version>
    </dependency>
    <dependency>
        <groupId>com.google.cloud.sql</groupId>
        <artifactId>postgres-socket-factory</artifactId>
        <version>${lib.cloud-sql-postgres-socket-factory.version}</version>
    </dependency>
    <dependency>
        <groupId>com.google.cloud.sql</groupId>
        <artifactId>cloud-sql-connector-jdbc-sqlserver</artifactId>
        <version>${lib.cloud-sql-connector-jdbc-sqlserver.version}</version>
    </dependency>

    <!-- Apache Commons -->
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-compress</artifactId>
        <version>${lib.commons-compress.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-text</artifactId>
        <version>${lib.commons-text.version}</version>
    </dependency>

    <!-- Resilience4j modules share one version property -->
    <dependency>
        <groupId>io.github.resilience4j</groupId>
        <artifactId>resilience4j-retry</artifactId>
        <version>${lib.resilience4j.version}</version>
    </dependency>
    <dependency>
        <groupId>io.github.resilience4j</groupId>
        <artifactId>resilience4j-ratelimiter</artifactId>
        <version>${lib.resilience4j.version}</version>
    </dependency>
    <dependency>
        <groupId>io.github.resilience4j</groupId>
        <artifactId>resilience4j-micrometer</artifactId>
        <version>${lib.resilience4j.version}</version>
    </dependency>

    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>log4j-over-slf4j</artifactId>
        <version>${lib.log4j-over-slf4j.version}</version>
    </dependency>

    <dependency>
        <groupId>org.kohsuke</groupId>
        <artifactId>github-api</artifactId>
        <version>${lib.org-kohsuke-github-api.version}</version>
    </dependency>

    <dependency>
        <groupId>com.asahaf.javacron</groupId>
        <artifactId>javacron</artifactId>
        <version>${lib.com-asahaf-javacron.version}</version>
    </dependency>

    <!-- Test-scoped dependencies: available to tests only -->
    <dependency>
        <groupId>org.junit.jupiter</groupId>
        <artifactId>junit-jupiter</artifactId>
        <version>${lib.junit.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.junit.jupiter</groupId>
        <artifactId>junit-jupiter-api</artifactId>
        <version>${lib.junit.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.junit.jupiter</groupId>
        <artifactId>junit-jupiter-engine</artifactId>
        <version>${lib.junit.version}</version>
        <scope>test</scope>
    </dependency>
    <!-- JUnit 4 is excluded from the Jersey test framework provider; the tests use JUnit Jupiter -->
    <dependency>
        <groupId>org.glassfish.jersey.test-framework.providers</groupId>
        <artifactId>jersey-test-framework-provider-grizzly2</artifactId>
        <version>${lib.jersey.version}</version>
        <scope>test</scope>
        <exclusions>
            <exclusion>
                <groupId>junit</groupId>
                <artifactId>junit</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.glassfish.jersey.connectors</groupId>
        <artifactId>jersey-grizzly-connector</artifactId>
        <version>${lib.jersey.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.mockito</groupId>
        <artifactId>mockito-core</artifactId>
        <version>${lib.mockito.version}</version>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>com.github.tomakehurst</groupId>
        <artifactId>wiremock-jre8-standalone</artifactId>
        <version>${lib.wiremock.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.junit-pioneer</groupId>
        <artifactId>junit-pioneer</artifactId>
        <version>${lib.junit-pioneer.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.assertj</groupId>
        <artifactId>assertj-core</artifactId>
        <version>${lib.assertj.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>net.javacrumbs.json-unit</groupId>
        <artifactId>json-unit-assertj</artifactId>
        <version>${lib.json-unit.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.mock-server</groupId>
        <artifactId>mockserver-netty</artifactId>
        <version>${lib.mockserver-netty.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.awaitility</groupId>
        <artifactId>awaitility</artifactId>
        <version>${lib.awaitility.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>com.icegreen</groupId>
        <artifactId>greenmail-junit5</artifactId>
        <version>${lib.greenmail.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.testcontainers</groupId>
        <artifactId>testcontainers</artifactId>
        <version>${lib.testcontainers.version}</version>
        <scope>test</scope>
    </dependency>
</dependencies>
<!--
  Build configuration. Plugins that state no version here (surefire, jacoco, cyclonedx)
  presumably take it from alpine-parent.
-->
<build>
    <!-- The build output is named after the artifactId, without a version suffix. -->
    <finalName>${project.artifactId}</finalName>

    <!-- src/main/resources is declared twice: once unfiltered, and once with property
         filtering switched on for the two listed files only. -->
    <resources>
        <resource>
            <directory>src/main/resources</directory>
            <filtering>false</filtering>
        </resource>
        <resource>
            <directory>src/main/resources</directory>
            <filtering>true</filtering>
            <includes>
                <include>application.version</include>
                <include>openapi-configuration.yaml</include>
            </includes>
        </resource>
    </resources>
    <testResources>
        <testResource>
            <directory>src/test/resources</directory>
            <filtering>false</filtering>
        </testResource>
    </testResources>

    <pluginManagement>
        <plugins>
            <!--
              The invocation of this plugin is inherited from alpine-parent.
              This is an application, so attaching sources serves no purpose;
              binding the execution to phase "none" turns it off.
            -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
                <executions>
                    <execution>
                        <id>attach-sources</id>
                        <phase>none</phase>
                    </execution>
                </executions>
            </plugin>

            <!--
              The invocation of this plugin is inherited from alpine-parent.
              This is an application, so attaching javadocs serves no purpose;
              binding the execution to phase "none" turns it off.
            -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <executions>
                    <execution>
                        <id>attach-javadocs</id>
                        <phase>none</phase>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </pluginManagement>

    <plugins>
        <!-- Checkstyle runs in the validate phase against .checkstyle.xml; resources are not checked. -->
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-checkstyle-plugin</artifactId>
            <version>3.6.0</version>
            <configuration>
                <configLocation>${project.basedir}/.checkstyle.xml</configLocation>
                <includeResources>false</includeResources>
                <includeTestResources>false</includeTestResources>
            </configuration>
            <executions>
                <execution>
                    <phase>validate</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
            <dependencies>
                <!-- Pins the Checkstyle engine the plugin runs with. -->
                <dependency>
                    <groupId>com.puppycrawl.tools</groupId>
                    <artifactId>checkstyle</artifactId>
                    <version>${lib.checkstyle.version}</version>
                </dependency>
            </dependencies>
        </plugin>

        <!-- Generates sources from src/main/proto. The protoc version follows the
             protobuf-java runtime version. -->
        <plugin>
            <groupId>io.github.ascopes</groupId>
            <artifactId>protobuf-maven-plugin</artifactId>
            <version>3.9.1</version>
            <configuration>
                <protocVersion>${lib.protobuf-java.version}</protocVersion>
                <sourceDirectories>
                    <sourceDirectory>${project.basedir}/src/main/proto</sourceDirectory>
                </sourceDirectories>
            </configuration>
            <executions>
                <execution>
                    <phase>generate-sources</phase>
                    <goals>
                        <goal>generate</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>

        <!-- Tests: java.util.logging is pointed at the test logging configuration; forks are reused. -->
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-surefire-plugin</artifactId>
            <configuration>
                <systemProperties>
                    <property>
                        <name>java.util.logging.config.file</name>
                        <value>src/test/resources/logging.properties</value>
                    </property>
                </systemProperties>
                <reuseForks>true</reuseForks>
            </configuration>
        </plugin>

        <!-- Coverage: the two listed path patterns are excluded. -->
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <configuration>
                <excludes>
                    <exclude>org/dependencytrack/upgrade/**/*</exclude>
                    <exclude>trivy/proto/**/*</exclude>
                </excludes>
            </configuration>
        </plugin>

        <!--
          SBOM generation: an aggregate CycloneDX 1.5 BOM in JSON is produced during
          prepare-package. Compile, provided, runtime and system scopes are included;
          test scope is left out. The merge-services-bom and deploy-bom executions further
          down read the resulting bom.json in the same phase, so the order of these three
          plugins presumably matters.
        -->
        <plugin>
            <groupId>org.cyclonedx</groupId>
            <artifactId>cyclonedx-maven-plugin</artifactId>
            <executions>
                <execution>
                    <id>cyclonedx-aggregate</id>
                    <phase>prepare-package</phase>
                    <goals>
                        <goal>makeAggregateBom</goal>
                    </goals>
                </execution>
            </executions>
            <configuration>
                <projectType>application</projectType>
                <schemaVersion>1.5</schemaVersion>
                <includeCompileScope>true</includeCompileScope>
                <includeProvidedScope>true</includeProvidedScope>
                <includeRuntimeScope>true</includeRuntimeScope>
                <includeSystemScope>true</includeSystemScope>
                <includeTestScope>false</includeTestScope>
                <includeLicenseText>false</includeLicenseText>
                <outputReactorProjects>true</outputReactorProjects>
                <outputFormat>json</outputFormat>
                <skipNotDeployed>false</skipNotDeployed>
                <!-- External references written into the BOM, among them the advisories
                     page and the security contact address. -->
                <externalReferences>
                    <externalReference>
                        <type>advisories</type>
                        <url>https://github.com/DependencyTrack/dependency-track/security/advisories</url>
                    </externalReference>
                    <externalReference>
                        <type>chat</type>
                        <url>https://dependencytrack.org/slack</url>
                    </externalReference>
                    <externalReference>
                        <type>documentation</type>
                        <url>https://docs.dependencytrack.org/</url>
                    </externalReference>
                    <externalReference>
                        <type>release-notes</type>
                        <url>https://docs.dependencytrack.org/changelog/</url>
                    </externalReference>
                    <externalReference>
                        <type>security-contact</type>
                        <url>mailto:security@dependencytrack.org</url>
                    </externalReference>
                    <externalReference>
                        <type>social</type>
                        <url>https://www.linkedin.com/company/owasp-dependency-track</url>
                    </externalReference>
                    <externalReference>
                        <type>social</type>
                        <url>https://x.com/dependencytrack</url>
                    </externalReference>
                </externalReferences>
            </configuration>
        </plugin>

        <!--
          Merges src/main/resources/services.bom.json into the generated bom.json by running
          the CycloneDX CLI. The execution is skipped while services.bom.merge.skip is true,
          which is the default set in this POM.
          NOTE(review): cyclonedx-cli.path defaults to the bare command name "cyclonedx", so
          the binary that runs is whichever one the build host resolves for that name. Builds
          that enable the merge should pass an absolute path to a CLI they have verified.
        -->
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>exec-maven-plugin</artifactId>
            <version>3.6.0</version>
            <executions>
                <execution>
                    <id>merge-services-bom</id>
                    <phase>prepare-package</phase>
                    <goals>
                        <goal>exec</goal>
                    </goals>
                    <configuration>
                        <executable>${cyclonedx-cli.path}</executable>
                        <arguments>
                            <argument>merge</argument>
                            <argument>--input-files</argument>
                            <argument>${project.build.directory}/bom.json</argument>
                            <argument>${project.basedir}/src/main/resources/services.bom.json</argument>
                            <argument>--output-file</argument>
                            <argument>${project.build.directory}/bom.json</argument>
                        </arguments>
                        <skip>${services.bom.merge.skip}</skip>
                    </configuration>
                </execution>
            </executions>
        </plugin>

        <!-- Copies the BOM into the web application directory as .well-known/sbom. -->
        <plugin>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>3.1.0</version>
            <executions>
                <execution>
                    <id>deploy-bom</id>
                    <phase>prepare-package</phase>
                    <configuration>
                        <target>
                            <copy file="${project.build.directory}/bom.json"
                                  tofile="${project.build.directory}/${project.artifactId}/.well-known/sbom"/>
                        </target>
                    </configuration>
                    <goals>
                        <goal>run</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>

        <!-- Jetty plugin: sets the dev.mode.enabled system property to true. -->
        <plugin>
            <groupId>org.eclipse.jetty.ee10</groupId>
            <artifactId>jetty-ee10-maven-plugin</artifactId>
            <version>${plugin.jetty.version}</version>
            <configuration>
                <systemProperties>
                    <dev.mode.enabled>true</dev.mode.enabled>
                </systemProperties>
                <webApp>
                    <!-- Classpath scanning is disabled: the patterns below match no JAR name. -->
                    <containerIncludeJarPattern>^$</containerIncludeJarPattern>
                    <webInfIncludeJarPattern>^$</webInfIncludeJarPattern>
                </webApp>
            </configuration>
        </plugin>
    </plugins>
</build>
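<!--
  Build profiles. "quick", "embedded-jetty" and "bundle-ui" activate on a property or an
  environment variable; "clean-exclude-wars" and "h2-console" declare no activation and
  must be selected explicitly.
-->
<profiles>
    <!-- Active whenever the property "quickly" is defined. Skips Checkstyle, JaCoCo and
         the tests, so artifacts built this way have not been through those checks. -->
    <profile>
        <id>quick</id>
        <activation>
            <property>
                <name>quickly</name>
            </property>
        </activation>
        <properties>
            <checkstyle.skip>true</checkstyle.skip>
            <jacoco.skip>true</jacoco.skip>
            <maven.test.skip>true</maven.test.skip>
        </properties>
    </profile>

    <!-- Replaces the default clean behaviour with a fileset over "target" that includes
         its sub-directories and excludes files matching dependency-track*.jar. Symlinks
         are not followed. -->
    <profile>
        <id>clean-exclude-wars</id>
        <build>
            <pluginManagement>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-clean-plugin</artifactId>
                        <version>3.5.0</version>
                        <configuration>
                            <excludeDefaultDirectories>true</excludeDefaultDirectories>
                            <filesets>
                                <fileset>
                                    <directory>target</directory>
                                    <followSymlinks>false</followSymlinks>
                                    <useDefaultExcludes>false</useDefaultExcludes>
                                    <includes>
                                        <include>*/</include>
                                    </includes>
                                    <excludes>
                                        <exclude>dependency-track*.jar</exclude>
                                    </excludes>
                                </fileset>
                            </filesets>
                        </configuration>
                    </plugin>
                </plugins>
            </pluginManagement>
        </build>
    </profile>

    <!-- Active when the environment variable ACTIVATE_EMBEDDED_JETTY equals "true".
         war-embedded-finalname is not read anywhere in this file; presumably the
         parent POM uses it. -->
    <profile>
        <id>embedded-jetty</id>
        <activation>
            <property>
                <name>env.ACTIVATE_EMBEDDED_JETTY</name>
                <value>true</value>
            </property>
        </activation>
        <properties>
            <war-embedded-finalname>${project.build.finalName}-apiserver</war-embedded-finalname>
        </properties>
    </profile>

    <!--
      Same Jetty plugin setup as the main build, plus an override descriptor taken from the
      test tree (h2-console-web.xml).
      NOTE(review): judging by the profile id and the descriptor name, this exposes the H2
      web console, which gives direct database access. Treat it as a local development aid
      and keep it off any instance that other hosts can reach. Confirm against the descriptor.
    -->
    <profile>
        <id>h2-console</id>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.eclipse.jetty.ee10</groupId>
                    <artifactId>jetty-ee10-maven-plugin</artifactId>
                    <version>${plugin.jetty.version}</version>
                    <configuration>
                        <systemProperties>
                            <dev.mode.enabled>true</dev.mode.enabled>
                        </systemProperties>
                        <webApp>
                            <!-- Classpath scanning is disabled: the patterns below match no JAR name. -->
                            <containerIncludeJarPattern>^$</containerIncludeJarPattern>
                            <webInfIncludeJarPattern>^$</webInfIncludeJarPattern>
                            <overrideDescriptor>src/test/webapp/WEB-INF/h2-console-web.xml</overrideDescriptor>
                        </webApp>
                    </configuration>
                </plugin>
            </plugins>
        </build>
    </profile>

    <!--
      Active when the environment variable ACTIVATE_BUNDLE_UI equals "true". Downloads the
      frontend release archive for frontend.version, unpacks it, and copies its dist
      directory into the web application directory, so the downloaded files ship inside
      the artifact.
    -->
    <profile>
        <id>bundle-ui</id>
        <activation>
            <property>
                <name>env.ACTIVATE_BUNDLE_UI</name>
                <value>true</value>
            </property>
        </activation>
        <properties>
            <war-embedded-finalname>${project.build.finalName}-bundled</war-embedded-finalname>
        </properties>
        <build>
            <plugins>
                <plugin>
                    <artifactId>maven-antrun-plugin</artifactId>
                    <version>3.1.0</version>
                    <executions>
                        <execution>
                            <id>frontend-download</id>
                            <phase>prepare-package</phase>
                            <configuration>
                                <target>
                                    <get src="https://github.com/DependencyTrack/frontend/releases/download/${frontend.version}/frontend-dist.zip" dest="${project.build.directory}" verbose="true"/>
                                    <!--
                                      Opt-in integrity check. HTTPS protects the transfer only;
                                      it does not show that the archive is the one that was
                                      released. When the property frontend.sha256 is set (for
                                      example -Dfrontend.sha256=HEX, where HEX is the lower-case
                                      hex SHA-256 of the expected archive), the build fails on a
                                      mismatch before anything is unpacked. Without the property
                                      the behaviour is unchanged: the archive is used unverified.
                                    -->
                                    <fail message="frontend-dist.zip does not match the SHA-256 digest given in frontend.sha256">
                                        <condition>
                                            <and>
                                                <isset property="frontend.sha256"/>
                                                <not>
                                                    <checksum file="${project.build.directory}/frontend-dist.zip"
                                                              algorithm="SHA-256"
                                                              property="${frontend.sha256}"/>
                                                </not>
                                            </and>
                                        </condition>
                                    </fail>
                                </target>
                            </configuration>
                            <goals>
                                <goal>run</goal>
                            </goals>
                        </execution>
                        <execution>
                            <id>frontend-extract</id>
                            <phase>prepare-package</phase>
                            <configuration>
                                <target>
                                    <unzip src="${project.build.directory}/frontend-dist.zip" dest="${project.build.directory}/frontend">
                                    </unzip>
                                </target>
                            </configuration>
                            <goals>
                                <goal>run</goal>
                            </goals>
                        </execution>
                        <execution>
                            <id>frontend-resource-deploy</id>
                            <phase>prepare-package</phase>
                            <configuration>
                                <target>
                                    <copy todir="${project.build.directory}/${project.artifactId}">
                                        <fileset dir="${project.build.directory}/frontend/dist">
                                            <include name="**/*"/>
                                        </fileset>
                                    </copy>
                                </target>
                            </configuration>
                            <goals>
                                <goal>run</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>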
</project>