Stowage/dependency-track
2
0
Fork 0
mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-02-06 17:59:53 +00:00
Code Issues Projects Releases Packages Wiki Activity
dependency-track/pom.xml
dependabot-preview[bot] 39a8613e9a
Bump cvss-calculator from 1.2.1 to 1.2.2 
Bumps [cvss-calculator](https://github.com/stevespringett/cvss-calculator) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/stevespringett/cvss-calculator/releases)
- [Commits](https://github.com/stevespringett/cvss-calculator/compare/cvss-calculator-1.2.1...cvss-calculator-1.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-11 06:22:08 +00:00

394 lines
16 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!--
~ This file is part of Dependency-Track.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
~ SPDX-License-Identifier: Apache-2.0
~ Copyright (c) Steve Springett. All Rights Reserved.
-->
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>us.springett</groupId>
<artifactId>alpine-parent</artifactId>
<version>1.7.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.dependencytrack</groupId>
<artifactId>dependency-track</artifactId>
<packaging>war</packaging>
<version>3.8.0-SNAPSHOT</version>
<name>Dependency-Track</name>
<url>https://dependencytrack.org/</url>
<description>Dependency-Track is an intelligent software supply-chain component analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.</description>
<inceptionYear>2013</inceptionYear>
<organization>
<name>OWASP</name>
</organization>
<licenses>
<license>
<name>Apache-2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>Steve Springett</name>
<email>Steve.Springett@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>http://www.owasp.org/</organizationUrl>
<roles>
<role>Architect</role>
<role>Developer</role>
</roles>
</developer>
</developers>
<scm>
<connection>scm:git:git@github.com:DependencyTrack/dependency-track.git</connection>
<url>https://github.com/DependencyTrack/dependency-track.git</url>
<developerConnection>scm:git:git@github.com:DependencyTrack/dependency-track.git</developerConnection>
<tag>HEAD</tag>
</scm>
<issueManagement>
<system>github</system>
<url>https://github.com/DependencyTrack/dependency-track/issues</url>
</issueManagement>
<ciManagement>
<system>github-actions</system>
<url>https://github.com/DependencyTrack/dependency-track/actions</url>
</ciManagement>
<properties>
<!-- Dependency Versions -->
<frontend.version>1.0.0-rc.1</frontend.version>
<lib.alpine.version>${project.parent.version}</lib.alpine.version>
<lib.cpe-parser.version>2.0.2</lib.cpe-parser.version>
<lib.cvss-calculator.version>1.2.2</lib.cvss-calculator.version>
<lib.cyclonedx-java.version>2.6.5</lib.cyclonedx-java.version>
<lib.jaxb.runtime.version>2.3.2</lib.jaxb.runtime.version>
<lib.lucene.version>7.7.2</lib.lucene.version>
<lib.packageurl.version>1.1.1</lib.packageurl.version>
<lib.pebble.version>3.1.2</lib.pebble.version>
<lib.spdx-tools.version>2.1.20</lib.spdx-tools.version>
<lib.unirest.version>2.4.00</lib.unirest.version>
<lib.vulndb-data-mirror.version>1.0.0</lib.vulndb-data-mirror.version>
<!-- Maven Plugin Properties -->
<plugin.github-release-plugin.version>1.4.0</plugin.github-release-plugin.version>
<plugin.retirejs.breakOnFailure>false</plugin.retirejs.breakOnFailure>
<!-- SonarCloud properties -->
<sonar.exclusions>src/main/webapp/**</sonar.exclusions>
</properties>
<repositories>
<repository>
<id>ossrh-snapshot</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<snapshots>
<updatePolicy>always</updatePolicy>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<dependencies>
<!-- Alpine -->
<dependency>
<groupId>us.springett</groupId>
<artifactId>alpine</artifactId>
<version>${lib.alpine.version}</version>
</dependency>
<!-- CVSS Calculator -->
<dependency>
<groupId>us.springett</groupId>
<artifactId>cvss-calculator</artifactId>
<version>${lib.cvss-calculator.version}</version>
</dependency>
<!-- CPE Parser -->
<dependency>
<groupId>us.springett</groupId>
<artifactId>cpe-parser</artifactId>
<version>${lib.cpe-parser.version}</version>
</dependency>
<!-- CycloneDX -->
<dependency>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-core-java</artifactId>
<version>${lib.cyclonedx-java.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${lib.jaxb.runtime.version}</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>javax.activation-api</artifactId>
<version>1.2.0</version>
</dependency>
<!-- Package URL -->
<dependency>
<groupId>com.github.package-url</groupId>
<artifactId>packageurl-java</artifactId>
<version>${lib.packageurl.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>${lib.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-analyzers-common</artifactId>
<version>${lib.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queryparser</artifactId>
<version>${lib.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queries</artifactId>
<version>${lib.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-sandbox</artifactId>
<version>${lib.lucene.version}</version>
</dependency>
<!-- Pebble templating engine -->
<dependency>
<groupId>io.pebbletemplates</groupId>
<artifactId>pebble</artifactId>
<version>${lib.pebble.version}</version>
</dependency>
<!-- VulnDB data mirroring and parsing -->
<dependency>
<groupId>us.springett</groupId>
<artifactId>vulndb-data-mirror</artifactId>
<version>${lib.vulndb-data-mirror.version}</version>
<!-- Exclude transitive version so Dependency-Track can manage independently -->
<exclusions>
<exclusion>
<groupId>io.github.openunirest</groupId>
<artifactId>open-unirest-java</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Unirest -->
<dependency>
<groupId>com.konghq</groupId>
<artifactId>unirest-java</artifactId>
<version>${lib.unirest.version}</version>
</dependency>
<!-- SPDX -->
<dependency>
<groupId>org.spdx</groupId>
<artifactId>spdx-tools</artifactId>
<version>${lib.spdx-tools.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
</exclusion>
<exclusion>
<groupId>net.sf.saxon</groupId>
<artifactId>saxon</artifactId>
</exclusion>
<exclusion>
<groupId>net.sf.saxon</groupId>
<artifactId>saxon-dom</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<!-- Force the dependency version greater or equal to 0.11.0 for Jena - resolves vulnerability -->
<groupId>org.apache.thrift</groupId>
<artifactId>libthrift</artifactId>
<version>0.13.0</version>
</dependency>
<dependency>
<groupId>com.fasterxml.woodstox</groupId>
<artifactId>woodstox-core</artifactId>
<version>6.1.1</version>
</dependency>
<!-- Test Dependencies -->
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-netty</artifactId>
<version>5.9.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>3.3.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>${project.artifactId}</finalName>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
</resource>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<includes>
<include>application.version</include>
</includes>
</resource>
</resources>
<testResources>
<testResource>
<directory>src/test/resources</directory>
<filtering>false</filtering>
</testResource>
</testResources>
<plugins>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.8</version>
<executions>
<execution>
<id>frontend-download</id>
<phase>prepare-package</phase>
<configuration>
<target>
<get src="https://github.com/DependencyTrack/frontend/releases/download/${frontend.version}/frontend-dist.zip"
dest="${project.build.directory}"
verbose="true"/>
</target>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
<execution>
<id>frontend-extract</id>
<phase>prepare-package</phase>
<configuration>
<target>
<unzip src="${project.build.directory}/frontend-dist.zip"
dest="${project.build.directory}/frontend">
</unzip>
</target>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
<execution>
<id>frontend-resource-deploy</id>
<phase>prepare-package</phase>
<configuration>
<target>
<copy todir="${project.build.directory}/${project.artifactId}">
<fileset dir="${project.build.directory}/frontend/dist">
<include name="**/*"/>
</fileset>
</copy>
</target>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>de.jutzig</groupId>
<artifactId>github-release-plugin</artifactId>
<version>${plugin.github-release-plugin.version}</version>
<configuration>
<releaseName>${project.version}</releaseName>
<tag>${project.version}</tag>
<description>For official releases, refer to https://docs.dependencytrack.org/changelog/ for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone.</description>
<!--
For snapshot pre-releases we want to override the existing snapshot
by deleting it first and re-uploading the artifact. Caution should
be taken to not re-release GA builds.
-->
<overwriteArtifact>true</overwriteArtifact>
<deleteRelease>true</deleteRelease>
<fileSets>
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
<include>dependency-track.war</include>
<include>dependency-track-embedded.war</include>
<include>checksums.xml</include>
<include>bom.xml</include>
</includes>
</fileSet>
</fileSets>
</configuration>
</plugin>
<plugin>
<groupId>net.nicoulaj.maven.plugins</groupId>
<artifactId>checksum-maven-plugin</artifactId>
<version>1.8</version>
<executions>
<execution>
<phase>none</phase>
<goals>
<goal>files</goal>
</goals>
</execution>
</executions>
<configuration>
<csvSummary>false</csvSummary>
<individualFiles>false</individualFiles>
<xmlSummary>true</xmlSummary>
<algorithms>
<algorithm>SHA-1</algorithm>
<algorithm>SHA-256</algorithm>
<algorithm>SHA-512</algorithm>
</algorithms>
<fileSets>
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
<include>*.war</include>
</includes>
</fileSet>
</fileSets>
</configuration>
</plugin>
</plugins>
</build>
</project>
Reference in a new issue View git blame Copy permalink