From b16e60f691e20513ba286e9da4c63a6c0a1591d9 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Mon, 29 Mar 2021 08:17:40 +0200
Subject: [PATCH] Move OWASP dependency check to a Maven profile

This takes way too long to perform each time on a Github action as we cannot cache the image
---
 pom.xml | 58 ++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 37 insertions(+), 21 deletions(-)

diff --git a/pom.xml b/pom.xml
index e8c7305d8..01dd5572e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -230,30 +230,45 @@
 </execution>
 </executions>
 </plugin>
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>5.3.2</version>
- <configuration>
- <failBuildOnCVSS>7</failBuildOnCVSS>
- <skipProvidedScope>true</skipProvidedScope>
- <skipRuntimeScope>true</skipRuntimeScope>
- <suppressionFiles>
- <!--suppress UnresolvedMavenProperty -->
- <suppressionFile>${maven.multiModuleProjectDirectory}/config/dependency-check/project-suppression.xml</suppressionFile>
- </suppressionFiles>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>check</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
 </plugins>
 </build>
 
+ <profiles>
+ <profile>
+ <id>owasp</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>5.3.2</version>
+ <configuration>
+ <failBuildOnCVSS>7</failBuildOnCVSS>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <suppressionFiles>
+ <!--suppress UnresolvedMavenProperty -->
+ <suppressionFile>
+ ${maven.multiModuleProjectDirectory}/config/dependency-check/project-suppression.xml
+ </suppressionFile>
+ </suppressionFiles>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
 <repositories>
 <repository>
 <id>central</id>
@@ -273,4 +288,5 @@
 </pluginRepository>
 </pluginRepositories>
 
+
 </project>
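Review bot: The `failBuildOnCVSS` 7 gate stops running on ordinary builds once `dependency-check-maven` lives only in the `owasp` profile (`<activeByDefault>false</activeByDefault>`), and nothing in this patch shows a job that passes `-Powasp` in its place. A comment above the `<profile>` would record the intent, for example `<!-- Slow, so not run by default; CI must invoke it explicitly with -Powasp, e.g. on a schedule -->`, and a scheduled run with that profile would keep the vulnerable-dependency check from lapsing unnoticed. Separately, the re-indented `<suppressionFile>` value now has line breaks and leading whitespace around the path; Maven most likely trims plugin configuration values, but keeping the element on one line as before avoids relying on that, since a suppression file that fails to resolve changes which findings fail the build.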