Ban log4j all together and update OWASP dep check
Remove
This commit is contained in:
Nanne Baars
Nanne Baars
parent
cb6b1d73d1
commit
7ded0968c1
48
pom.xml
48
pom.xml
@ -133,6 +133,8 @@
|
||||
<maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
|
||||
<java.version>17</java.version>
|
||||
<thymeleaf.version>3.0.14.RELEASE</thymeleaf.version>
|
||||
<pmd.version>3.15.0</pmd.version>
|
||||
<checkstyle.version>3.1.2</checkstyle.version>
|
||||
</properties>
|
||||
|
||||
<modules>
|
||||
@ -141,14 +143,15 @@
|
||||
<module>webgoat-server</module>
|
||||
<module>webwolf</module>
|
||||
<module>webgoat-integration-tests</module>
|
||||
<module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
|
||||
<module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
|
||||
</modules>
|
||||
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-validation</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-validation</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.projectlombok</groupId>
|
||||
<artifactId>lombok</artifactId>
|
||||
@ -187,7 +190,7 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-checkstyle-plugin</artifactId>
|
||||
<version>3.1.2</version>
|
||||
<version>${checkstyle.version}</version>
|
||||
<configuration>
|
||||
<encoding>UTF-8</encoding>
|
||||
<consoleOutput>true</consoleOutput>
|
||||
@ -200,10 +203,11 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-pmd-plugin</artifactId>
|
||||
<version>3.14.0</version>
|
||||
<version>${pmd.version}</version>
|
||||
<configuration>
|
||||
<targetJdk>15</targetJdk>
|
||||
<failurePriority>1</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail -->
|
||||
<targetJdk>${maven.compiler.target}</targetJdk>
|
||||
<failurePriority>1
|
||||
</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail -->
|
||||
<rulesets>
|
||||
<!--suppress UnresolvedMavenProperty -->
|
||||
<ruleset>${maven.multiModuleProjectDirectory}/config/pmd/pmd-ruleset.xml</ruleset>
|
||||
@ -219,6 +223,30 @@
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-enforcer-plugin</artifactId>
|
||||
<version>3.0.0</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>Restrict-bad-log4j-versions</id>
|
||||
<phase>validate</phase>
|
||||
<goals>
|
||||
<goal>enforce</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<rules>
|
||||
<bannedDependencies>
|
||||
<excludes>
|
||||
<exclude>org.apache.logging.log4j:log4j-core:(,2.15.0)</exclude>
|
||||
</excludes>
|
||||
</bannedDependencies>
|
||||
</rules>
|
||||
<fail>true</fail>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
@ -233,7 +261,7 @@
|
||||
<plugin>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
<version>6.1.3</version>
|
||||
<version>6.5.1</version>
|
||||
<configuration>
|
||||
<failBuildOnCVSS>7</failBuildOnCVSS>
|
||||
<skipProvidedScope>true</skipProvidedScope>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user