Philippe Perrin
2 lat temu
5 zmienionych plików z 1 dodań i 78 usunięć
+ 1
- 25
.cirrus.yml
Wyświetl plik
| @@ -619,28 +619,4 @@ upgd_oracle12_task: | |||
| - ./private/cirrus/cirrus-qa.sh oracle12 | |||
| on_failure: | |||
| <<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE | |||
| # Software Composition Analysis (SCA): check potential vulnerabilities in dependencies. | |||
| # Note that license compliance of dependencies is not checked for now. | |||
| owasp_check_task: | |||
| only_if: >- | |||
| $CIRRUS_CRON == "nightly" || | |||
| $CIRRUS_CRON == "weekly-latest" || | |||
| $CIRRUS_CRON == "weekly-lts" || | |||
| changesInclude('private/owasp/*.xml') | |||
| <<: *YARN_CACHE_TEMPLATE | |||
| <<: *GRADLE_CACHE_TEMPLATE | |||
| timeout_in: 30m | |||
| gke_container: | |||
| <<: *GKE_CONTAINER_TEMPLATE | |||
| cpu: 1.7 | |||
| memory: 4Gb | |||
| SLACK_WEBHOOK_SQ: ENCRYPTED[dec8e4350cbea3b94d63098558bcb3ae9e79b71c2b6286fcfb9eb80c0953b6448b10f7271b07b5e75e52f362c25d7a8f] | |||
| script: | |||
| - gradle dependencyCheckAggregate | |||
| on_failure: | |||
| slack_notification_script: | |||
| - ./private/cirrus/cirrus-owasp-notification.sh | |||
| always: | |||
| reports_artifacts: | |||
| path: "build/reports/*" | |||
+ 0
- 1
README.md
Wyświetl plik
| @@ -71,7 +71,6 @@ Then open the root file `build.gradle` as a project in Intellij or Eclipse. | |||
| | ./gradlew command | Description | | |||
| |---|---| | |||
| | `dependencies`| list dependencies | | |||
| | `dependencyCheckAnalyze` | list vulnerable dependencies | | |||
| | `dependencyUpdates` | list the dependencies that could be updated | | |||
| | `licenseFormat --rerun-tasks` | fix source headers by applying HEADER.txt | | |||
| | `wrapper --gradle-version 5.2.1` | upgrade wrapper | | |||
+ 0
- 38
build.gradle
Wyświetl plik
| @@ -9,7 +9,6 @@ plugins { | |||
| id 'com.google.protobuf' version '0.8.18' apply false | |||
| id 'com.jfrog.artifactory' version '4.24.23' | |||
| id 'io.spring.dependency-management' version '1.0.11.RELEASE' | |||
| id 'org.owasp.dependencycheck' version '6.3.2' | |||
| id 'org.sonarqube' version '3.3' | |||
| id "de.undercouch.download" version "4.1.2" apply false | |||
| } | |||
| @@ -18,38 +17,6 @@ if (!JavaVersion.current().java11Compatible) { | |||
| throw new GradleException("JDK 11+ is required to perform this build. It's currently " + System.getProperty("java.home") + ".") | |||
| } | |||
| apply plugin: 'org.owasp.dependencycheck' | |||
| dependencyCheck { | |||
| analyzers { | |||
| assemblyEnabled = false | |||
| autoconfEnabled = false | |||
| bundleAuditEnabled = false | |||
| cmakeEnabled = false | |||
| cocoapodsEnabled = false | |||
| composerEnabled = false | |||
| cocoapodsEnabled = false | |||
| golangDepEnabled = false | |||
| golangModEnabled = false | |||
| nodeAudit { | |||
| skipDevDependencies = true | |||
| } | |||
| nuspecEnabled = false | |||
| nugetconfEnabled = false | |||
| rubygemsEnabled = false | |||
| swiftEnabled = false | |||
| } | |||
| format = 'ALL' | |||
| junitFailOnCVSS = 0 | |||
| failBuildOnCVSS = 0 | |||
| suppressionFiles = ["${project.rootDir}/private/owasp/suppressions.xml", "${project.rootDir}/private/owasp/vulnerabilities.xml"] | |||
| skipProjects = project.subprojects | |||
| .findAll {it.name.contains('testing') || | |||
| it.name.startsWith('it-') || | |||
| it.name.contains('-test') || | |||
| it.name == 'sonar-ws-generator'} | |||
| .collect { it.path } | |||
| } | |||
| allprojects { | |||
| apply plugin: 'com.jfrog.artifactory' | |||
| apply plugin: 'maven-publish' | |||
| @@ -671,11 +638,6 @@ dependencyUpdates { | |||
| } | |||
| gradle.projectsEvaluated { gradle -> | |||
| // Execute dependencyCheckAggregate prerequisites before the actual check | |||
| allprojects | |||
| .findResults { it -> it.tasks.findByName('dependencyCheckAggregate_prerequisites') } | |||
| .each { t -> dependencyCheckAggregate.dependsOn(t) } | |||
| // yarn_run tasks can't all run in parallel without random issues | |||
| // this script ensure all yarn_run tasks run sequentially | |||
| def yarnRunTasks = allprojects.findResults { it -> it.tasks.findByName('yarn_run') } | |||
+ 0
- 7
server/sonar-docs/build.gradle
Wyświetl plik
| @@ -109,13 +109,6 @@ task dependency_audit(type: Exec) { | |||
| commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci']) | |||
| } | |||
| task dependencyCheckAggregate_prerequisites(type: Exec) { | |||
| // the OWASP tool does not support yarn and its yarn.lock files, so node modules | |||
| // should be explicitly installed (yarn install) before running the audit | |||
| // See https://github.com/jeremylong/DependencyCheck/issues/2393 | |||
| commandLine osAdaptiveCommand(['yarn', 'install', '--immutable']) | |||
| } | |||
| task zip(type: Zip) { | |||
| def archiveDir = "$version" | |||
| duplicatesStrategy DuplicatesStrategy.EXCLUDE | |||
+ 0
- 7
server/sonar-web/build.gradle
Wyświetl plik
| @@ -76,13 +76,6 @@ task dependency_audit(type: Exec) { | |||
| commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci']) | |||
| } | |||
| task dependencyCheckAggregate_prerequisites(type: Exec) { | |||
| // the OWASP tool does not support yarn and its yarn.lock files, so node modules | |||
| // should be explicitly installed (yarn install) before running the audit | |||
| // See https://github.com/jeremylong/DependencyCheck/issues/2393 | |||
| commandLine osAdaptiveCommand(['yarn', 'install', '--immutable']) | |||
| } | |||
| def sources = fileTree(dir: "src") + fileTree(dir: "scripts") + fileTree(dir: "config") + fileTree(dir: "__mocks__") | |||
| task licenseCheckWeb(type: com.hierynomus.gradle.license.tasks.LicenseCheck) { | |||
Ładowanie…