Add configuration for check of dep vulnerabilities listed in CVE registry
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Sat, 14 Feb 2015 13:29:52 +0000 (14:29 +0100)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Sat, 14 Feb 2015 13:29:52 +0000 (14:29 +0100)
cve-false-positives.xml [new file with mode: 0644]
pom.xml

diff --git a/cve-false-positives.xml b/cve-false-positives.xml
new file mode 100644 (file)
index 0000000..39a01d9
--- /dev/null
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
+  <suppress>
+    <notes><![CDATA[
+      file name: gson-2.3.1.jar
+      ]]></notes>
+    <sha1>ECB6E1F8E4B0E84C4B886C2F14A1500CAF309757</sha1>
+    <cpe>cpe:/a:google:v8:2.3.1</cpe>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[
+   file name: geronimo-spec-jta-1.0-M1.jar
+   ]]></notes>
+    <sha1>1F01F94B5B83C33950E22CDE224868407FDF8B99</sha1>
+    <cpe>cpe:/a:apache:geronimo:1.0.m1</cpe>
+  </suppress>
+</suppressions>
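Review bot: Neither `<notes>` block records why the CPE match is a false positive, only the jar name, so a later reviewer cannot tell whether the suppression is still justified without re-deriving it. For the first entry the reason is visible from the neighbouring elements — the file is gson, the matched CPE is `cpe:/a:google:v8:2.3.1`, a name/version collision with the V8 engine — and the note should say so, e.g. `file name: gson-2.3.1.jar — CPE google:v8 is a name collision, gson is not the V8 engine`; the geronimo entry deserves the same one-line rationale (the matched product appears to be the Geronimo server, the jar a JTA spec API). Because each entry also pins a `<sha1>`, the suppression should stop matching once the jar is upgraded, which is the safer behaviour but means these entries need re-evaluation on every bump rather than silent carry-over. Minor style point: the CDATA text in the second `<notes>` (the geronimo entry) is indented differently from the first; align them so the file reads consistently.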
diff --git a/pom.xml b/pom.xml
index 229b016c524d8229e532696b9f37e258c049c49d..27e8fa50e17def3ddddc9710cae7240ba724f603 100644 (file)
--- a/pom.xml
+++ b/pom.xml
           <artifactId>clirr-maven-plugin</artifactId>
           <version>2.6.1</version>
         </plugin>
+        <plugin>
+          <groupId>org.owasp</groupId>
+          <artifactId>dependency-check-maven</artifactId>
+          <version>1.2.8</version>
+          <configuration>
+            <failBuildOnCVSS>8</failBuildOnCVSS>
+            <suppressionFile>cve-false-positives.xml</suppressionFile>
+          </configuration>
+        </plugin>
+
       </plugins>
     </pluginManagement>
 
         </dependency>
       </dependencies>
     </profile>
+
     <profile>
       <!-- add microbenchmarks module to IDE -->
       <id>includeMicrobenchmarkModule</id>
         <module>microbenchmark-template</module>
       </modules>
     </profile>
+
+    <profile>
+      <!--
+      check if maven dependencies have vulnerabilities listed in CVE
+      Standalone command: mvn org.owasp:dependency-check-maven:check
+      See http://jeremylong.github.io/DependencyCheck
+      -->
+      <id>securityCheck</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <executions>
+              <execution>
+                <goals>
+                  <goal>check</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
   </profiles>
 
 </project>
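Review bot: `<failBuildOnCVSS>8</failBuildOnCVSS>` in the pluginManagement entry lets CVSS 7.0–7.9 findings pass the build, although NVD's v2 severity bands (the scale dependency-check consumed at this version) class everything from 7.0 upward as High. If the intent is to fail on every High-rated CVE, `<failBuildOnCVSS>7</failBuildOnCVSS>` matches that band; if 8 is deliberate, a one-line comment next to it stating the rationale would stop the next maintainer from "fixing" it. In the `securityCheck` profile the execution declares no `<phase>`, so the goal relies on the mojo's default binding; naming the phase explicitly (e.g. `<phase>verify</phase>`) would make the standalone comment at the top of the profile and the profile behaviour agree without consulting plugin docs. Since this is a multi-module build (a `<modules>` list is visible above), it is worth confirming that the relative `cve-false-positives.xml` path is resolved against the root rather than each module's basedir when the check runs per module; if not, anchoring it with `${session.executionRootDirectory}/cve-false-positives.xml` avoids silent non-suppression in submodules.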