Maven

Aus Wiki - Jochen Hammann
Version vom 24. Juni 2020, 11:52 Uhr von Jochen (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „__TOC__ = Plugins = == Security == === OWASP Dependency Track === [https://owasp.org/www-project-dependency-track/ OWASP Dependency Track] <br/> ==== Cy…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen


Plugins

Security

OWASP Dependency Track

OWASP Dependency Track


CycloneDX Plugin

OWASP Dependency Track - CycloneDX Plugin 

<!-- ++++++++++ [OWASP Dependency Track - CycloneDX Plugin] ++++++++++ -->

<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom -->
<!-- CLI: mvn cyclonedx:makeBom -->
<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -->
<!-- CLI: mvn cyclonedx:makeAggregateBom -->
<plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>1.6.4</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>makeAggregateBom</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <schemaVersion>1.1</schemaVersion>
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <includeCompileScope>true</includeCompileScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeSystemScope>true</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>true</includeLicenseText>
        <includeDependencyGraph>true</includeDependencyGraph>
    </configuration>
    <inherited>false</inherited>
</plugin>


Upload Plugin

<!-- ++++++++++ [OWASP Dependency Track - Upload Plugin] ++++++++++ -->

<!-- Caution: The dependency-track-maven-plugin must be specified after the cyclonedx-maven-plugin.
Because both plugins are processed in the phase 'verify'. -->

<!-- CLI: mvn dependency-track:upload-bom  -->
<plugin>
    <groupId>io.github.pmckeown</groupId>
    <artifactId>dependency-track-maven-plugin</artifactId>
    <version>0.8.1</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>upload-bom</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <dependencyTrackBaseUrl>http://...</dependencyTrackBaseUrl>
        <apiKey>${dependencytrack.apikey}</apiKey>
    </configuration>
    <inherited>false</inherited>
</plugin>


OWASP Dependency Check


Sonatype OSS Index

<!-- ++++++++++ [Sonatype OSS Index] ++++++++++ -->

<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate -->
<plugin>
    <groupId>org.sonatype.ossindex.maven</groupId>
    <artifactId>ossindex-maven-plugin</artifactId>
    <executions>
        <execution>
            <id>audit-dependencies</id>
            <phase>validate</phase>
            <goals>
                <goal>audit-aggregate</goal>
            </goals>
        </execution>
    </executions>
    <inherited>false</inherited>
</plugin>


Abgerufen von „https://wiki.fam-hammann.de/index.php?title=Maven&oldid=546