-rw-r--r-- | .cirrus.yml | 25 | ||||
-rw-r--r-- | .github/renovate.json | 1 | ||||
-rw-r--r-- | build.gradle | 38 | ||||
-rw-r--r-- | server/sonar-docs/build.gradle | 7 | ||||
-rw-r--r-- | server/sonar-web/build.gradle | 7 |
5 files changed, 0 insertions, 78 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 07458754602..646b360fcde 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -621,31 +621,6 @@ upgd_oracle12_task:
 on_failure:
 <<: *REPORTS_JUNIT_ON_FAILURE_TEMPLATE
-# Software Composition Analysis (SCA): check potential vulnerabilities in dependencies.
-# Note that license compliance of dependencies is not checked for now.
-owasp_check_task:
- only_if: >- $CIRRUS_CRON == "nightly" || $CIRRUS_CRON == "weekly-latest" || $CIRRUS_CRON == "weekly-lts" || changesInclude('private/owasp/*.xml')
- <<: *YARN_CACHE_TEMPLATE
- <<: *GRADLE_CACHE_TEMPLATE
- timeout_in: 30m
- gke_container:
- <<: *GKE_CONTAINER_TEMPLATE
- cpu: 1.7
- memory: 4Gb
- SLACK_WEBHOOK_SQ: ENCRYPTED[dec8e4350cbea3b94d63098558bcb3ae9e79b71c2b6286fcfb9eb80c0953b6448b10f7271b07b5e75e52f362c25d7a8f]
- script:
- - gradle dependencyCheckAggregate
- on_failure:
- slack_notification_script:
- - ./private/cirrus/cirrus-owasp-notification.sh
- always:
- reports_artifacts:
- path: "build/reports/*"
-
 ws_scan_task:
 only_if: >-
 $CIRRUS_CRON == "nightly" ||
diff --git a/.github/renovate.json b/.github/renovate.json
index 272a5baa621..20710518b4a 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -10,7 +10,6 @@
 "separateMajorMinor": false,
 "ignoreDeps": [
 "io.spring.dependency-management",
- "org.owasp.dependencycheck",
 "com.jfrog.artifactory",
 "org.ajoberstar.grgit",
 "com.github.ben-manes.versions",
diff --git a/build.gradle b/build.gradle
index aed914a0d00..ebfb044f428 100644
--- a/build.gradle
+++ b/build.gradle
@@ -9,7 +9,6 @@ plugins {
 id 'com.google.protobuf' version '0.8.18' apply false
 id 'com.jfrog.artifactory' version '4.24.23'
 id 'io.spring.dependency-management' version '1.0.11.RELEASE'
- id 'org.owasp.dependencycheck' version '6.3.2'
 id 'org.sonarqube' version '3.3'
 id "de.undercouch.download" version "5.0.1" apply false
 }
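Review bot: Once owasp_check_task is gone, nothing left in the visible pipeline runs software composition analysis over the JVM dependencies; the `dependency_audit` tasks that remain in server/sonar-docs/build.gradle and server/sonar-web/build.gradle only run `npm run audit-ci` against the Node packages, and the `ws_scan_task` context that follows is not shown far enough to tell what it covers. If a replacement scanner runs elsewhere, this diff does not show it, and the commit should name it so the coverage gap is not silent. The files the deleted configuration pointed at — `private/owasp/suppressions.xml` and `private/owasp/vulnerabilities.xml` from the `suppressionFiles` list in the build.gradle hunk, the `changesInclude('private/owasp/*.xml')` trigger here, and `private/cirrus/cirrus-owasp-notification.sh` — are not among the five files in the diffstat, so they are left behind as dead configuration and should go in the same change or be called out as intentionally kept. The same remark covers the two build.gradle hunks that remove `dependencyCheckAggregate` wiring and the two `dependencyCheckAggregate_prerequisites` hunks.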
@@ -18,38 +17,6 @@ if (!JavaVersion.current().java11Compatible) {
 throw new GradleException("JDK 11+ is required to perform this build. It's currently " + System.getProperty("java.home") + ".")
 }
-apply plugin: 'org.owasp.dependencycheck'
-dependencyCheck {
- analyzers {
- assemblyEnabled = false
- autoconfEnabled = false
- bundleAuditEnabled = false
- cmakeEnabled = false
- cocoapodsEnabled = false
- composerEnabled = false
- cocoapodsEnabled = false
- golangDepEnabled = false
- golangModEnabled = false
- nodeAudit {
- skipDevDependencies = true
- }
- nuspecEnabled = false
- nugetconfEnabled = false
- rubygemsEnabled = false
- swiftEnabled = false
- }
- format = 'ALL'
- junitFailOnCVSS = 0
- failBuildOnCVSS = 0
- suppressionFiles = ["${project.rootDir}/private/owasp/suppressions.xml", "${project.rootDir}/private/owasp/vulnerabilities.xml"]
- skipProjects = project.subprojects
- .findAll {it.name.contains('testing') ||
- it.name.startsWith('it-') ||
- it.name.contains('-test') ||
- it.name == 'sonar-ws-generator'}
- .collect { it.path }
-}
-
 allprojects {
 apply plugin: 'com.jfrog.artifactory'
 apply plugin: 'maven-publish'
@@ -673,11 +640,6 @@ dependencyUpdates {
 }
 gradle.projectsEvaluated { gradle ->
- // Execute dependencyCheckAggregate prerequisites before the actual check
- allprojects
- .findResults { it -> it.tasks.findByName('dependencyCheckAggregate_prerequisites') }
- .each { t -> dependencyCheckAggregate.dependsOn(t) }
-
 // yarn_run tasks can't all run in parallel without random issues
 // this script ensure all yarn_run tasks run sequentially
 def yarnRunTasks = allprojects.findResults { it -> it.tasks.findByName('yarn_run') }
diff --git a/server/sonar-docs/build.gradle b/server/sonar-docs/build.gradle
index e2aeb66bee4..aabb3cc87a2 100644
--- a/server/sonar-docs/build.gradle
+++ b/server/sonar-docs/build.gradle
@@ -109,13 +109,6 @@ task dependency_audit(type: Exec) {
 commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci'])
 }
-task dependencyCheckAggregate_prerequisites(type: Exec) {
- // the OWASP tool does not support yarn and its yarn.lock files, so node modules
- // should be explicitly installed (yarn install) before running the audit
- // See https://github.com/jeremylong/DependencyCheck/issues/2393
- commandLine osAdaptiveCommand(['yarn', 'install', '--immutable'])
-}
-
 task zip(type: Zip) {
 def archiveDir = "$version"
 duplicatesStrategy DuplicatesStrategy.EXCLUDE
diff --git a/server/sonar-web/build.gradle b/server/sonar-web/build.gradle
index ab7e19fcedd..196296376de 100644
--- a/server/sonar-web/build.gradle
+++ b/server/sonar-web/build.gradle
@@ -76,13 +76,6 @@ task dependency_audit(type: Exec) {
 commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci'])
 }
-task dependencyCheckAggregate_prerequisites(type: Exec) {
- // the OWASP tool does not support yarn and its yarn.lock files, so node modules
- // should be explicitly installed (yarn install) before running the audit
- // See https://github.com/jeremylong/DependencyCheck/issues/2393
- commandLine osAdaptiveCommand(['yarn', 'install', '--immutable'])
-}
-
 def sources = fileTree(dir: "src") + fileTree(dir: "scripts") + fileTree(dir: "config") + fileTree(dir: "__mocks__")
 task licenseCheckWeb(type: com.hierynomus.gradle.license.tasks.LicenseCheck) {
 |