-
Notifications
You must be signed in to change notification settings - Fork 3
/
pom.xml
79 lines (79 loc) · 3.08 KB
/
pom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?xml version="1.0"?>
<!-- A pom.xml of a project depending on org.owasp:dependency-check-maven -->
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>it.babel.devops</groupId>
<artifactId>jenkins-super-sast</artifactId>
<version>1.0-SNAPSHOT</version>
<build>
<plugins>
<!-- Add the spotbugs plugin -->
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.2.1</version>
<configuration>
<effort>Max</effort>
<threshold>Low</threshold>
<failOnError>true</failOnError>
<excludeFilterFile>${env.SPOTBUGS_CONFIG_FILE}</excludeFilterFile>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.12.0</version>
</plugin>
</plugins>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>8.4.0</version>
<configuration>
<cveStartYear>2018</cveStartYear>
</configuration>
<executions>
<execution>
<goals>
<goal>update-only</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>2.0.2</version>
<executions>
<execution>
<goals>
<goal>check</goal>
<goal>apply</goal>
</goals>
</execution>
</executions>
<configuration>
<java>
<!-- no need to specify files, inferred automatically, but you can if you
want -->
<!-- apply a specific flavor of google-java-format -->
<googleJavaFormat>
<version>1.8</version>
</googleJavaFormat>
</java>
</configuration>
</plugin>
</plugins>
</build>
</project>