@@ -619,28 +619,4 @@ upgd_oracle12_task: | |||
- ./private/cirrus/cirrus-qa.sh oracle12 | |||
on_failure: | |||
<<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE | |||
# Software Composition Analysis (SCA): check potential vulnerabilities in dependencies. | |||
# Note that license compliance of dependencies is not checked for now. | |||
owasp_check_task: | |||
only_if: >- | |||
$CIRRUS_CRON == "nightly" || | |||
$CIRRUS_CRON == "weekly-latest" || | |||
$CIRRUS_CRON == "weekly-lts" || | |||
changesInclude('private/owasp/*.xml') | |||
<<: *YARN_CACHE_TEMPLATE | |||
<<: *GRADLE_CACHE_TEMPLATE | |||
timeout_in: 30m | |||
gke_container: | |||
<<: *GKE_CONTAINER_TEMPLATE | |||
cpu: 1.7 | |||
memory: 4Gb | |||
SLACK_WEBHOOK_SQ: ENCRYPTED[dec8e4350cbea3b94d63098558bcb3ae9e79b71c2b6286fcfb9eb80c0953b6448b10f7271b07b5e75e52f362c25d7a8f] | |||
script: | |||
- gradle dependencyCheckAggregate | |||
on_failure: | |||
slack_notification_script: | |||
- ./private/cirrus/cirrus-owasp-notification.sh | |||
always: | |||
reports_artifacts: | |||
path: "build/reports/*" | |||
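Review bot: With `owasp_check_task` removed from the Cirrus config, nothing visible on this page still scans the Gradle (JVM) dependencies for known vulnerabilities; the `dependency_audit` tasks that survive as context in the later hunks (`npm run audit-ci`) cover only the JavaScript packages. If a replacement SCA job exists outside this commit, a one-line comment at the removal site would save the next reader a search, e.g. `# SCA for JVM dependencies now runs in <replacement job — fill in>`; if coverage is intentionally dropped, a comment saying so is just as useful. The same question applies to the `dependencyCheck { ... }` block and the two `dependencyCheckAggregate_prerequisites` tasks removed in the Gradle hunks, which are consistent with this one and need no separate note. The enclosing `upgd_oracle12_task` begins above this hunk.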
@@ -71,7 +71,6 @@ Then open the root file `build.gradle` as a project in Intellij or Eclipse. | |||
| ./gradlew command | Description | | |||
|---|---| | |||
| `dependencies`| list dependencies | | |||
| `dependencyCheckAnalyze` | list vulnerable dependencies | | |||
| `dependencyUpdates` | list the dependencies that could be updated | | |||
| `licenseFormat --rerun-tasks` | fix source headers by applying HEADER.txt | | |||
| `wrapper --gradle-version 5.2.1` | upgrade wrapper | |
@@ -9,7 +9,6 @@ plugins { | |||
id 'com.google.protobuf' version '0.8.18' apply false | |||
id 'com.jfrog.artifactory' version '4.24.23' | |||
id 'io.spring.dependency-management' version '1.0.11.RELEASE' | |||
id 'org.owasp.dependencycheck' version '6.3.2' | |||
id 'org.sonarqube' version '3.3' | |||
id "de.undercouch.download" version "4.1.2" apply false | |||
} | |||
@@ -18,38 +17,6 @@ if (!JavaVersion.current().java11Compatible) { | |||
throw new GradleException("JDK 11+ is required to perform this build. It's currently " + System.getProperty("java.home") + ".") | |||
} | |||
apply plugin: 'org.owasp.dependencycheck' | |||
dependencyCheck { | |||
analyzers { | |||
assemblyEnabled = false | |||
autoconfEnabled = false | |||
bundleAuditEnabled = false | |||
cmakeEnabled = false | |||
cocoapodsEnabled = false | |||
composerEnabled = false | |||
cocoapodsEnabled = false | |||
golangDepEnabled = false | |||
golangModEnabled = false | |||
nodeAudit { | |||
skipDevDependencies = true | |||
} | |||
nuspecEnabled = false | |||
nugetconfEnabled = false | |||
rubygemsEnabled = false | |||
swiftEnabled = false | |||
} | |||
format = 'ALL' | |||
junitFailOnCVSS = 0 | |||
failBuildOnCVSS = 0 | |||
suppressionFiles = ["${project.rootDir}/private/owasp/suppressions.xml", "${project.rootDir}/private/owasp/vulnerabilities.xml"] | |||
skipProjects = project.subprojects | |||
.findAll {it.name.contains('testing') || | |||
it.name.startsWith('it-') || | |||
it.name.contains('-test') || | |||
it.name == 'sonar-ws-generator'} | |||
.collect { it.path } | |||
} | |||
allprojects { | |||
apply plugin: 'com.jfrog.artifactory' | |||
apply plugin: 'maven-publish' | |||
@@ -671,11 +638,6 @@ dependencyUpdates { | |||
} | |||
gradle.projectsEvaluated { gradle -> | |||
// Execute dependencyCheckAggregate prerequisites before the actual check | |||
allprojects | |||
.findResults { it -> it.tasks.findByName('dependencyCheckAggregate_prerequisites') } | |||
.each { t -> dependencyCheckAggregate.dependsOn(t) } | |||
// yarn_run tasks can't all run in parallel without random issues | |||
// this script ensure all yarn_run tasks run sequentially | |||
def yarnRunTasks = allprojects.findResults { it -> it.tasks.findByName('yarn_run') } |
@@ -109,13 +109,6 @@ task dependency_audit(type: Exec) { | |||
commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci']) | |||
} | |||
task dependencyCheckAggregate_prerequisites(type: Exec) { | |||
// the OWASP tool does not support yarn and its yarn.lock files, so node modules | |||
// should be explicitly installed (yarn install) before running the audit | |||
// See https://github.com/jeremylong/DependencyCheck/issues/2393 | |||
commandLine osAdaptiveCommand(['yarn', 'install', '--immutable']) | |||
} | |||
task zip(type: Zip) { | |||
def archiveDir = "$version" | |||
duplicatesStrategy DuplicatesStrategy.EXCLUDE |
@@ -76,13 +76,6 @@ task dependency_audit(type: Exec) { | |||
commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci']) | |||
} | |||
task dependencyCheckAggregate_prerequisites(type: Exec) { | |||
// the OWASP tool does not support yarn and its yarn.lock files, so node modules | |||
// should be explicitly installed (yarn install) before running the audit | |||
// See https://github.com/jeremylong/DependencyCheck/issues/2393 | |||
commandLine osAdaptiveCommand(['yarn', 'install', '--immutable']) | |||
} | |||
def sources = fileTree(dir: "src") + fileTree(dir: "scripts") + fileTree(dir: "config") + fileTree(dir: "__mocks__") | |||
task licenseCheckWeb(type: com.hierynomus.gradle.license.tasks.LicenseCheck) { |