Adding maven dependency check to identify publicly disclosed vulnerabilities (#751)
* Added dependency-check-maven and updated grpc modules * Adding dependency check to pipeline * Test pipeline * Test pipeline * Test pipeline * Test pipeline
This commit is contained in:
Shreyas Gopalakrishna
GitHub
Родитель
01caa730ae
Коммит
c92d38cdeb
|
|
@ -60,6 +60,10 @@ jobs:
|
|||
.\package-pipeline.ps1 -buildNumber $buildNumber
|
||||
name: output
|
||||
displayName: 'Executing build script'
|
||||
- pwsh: |
|
||||
mvn dependency-check:check
|
||||
condition: and(eq(variables['Build.SourceBranch'], 'refs/heads/dev'), eq(variables['SkipMavenDependencyCheck'], 'false'))
|
||||
displayName: 'Maven dependency check'
|
||||
- task: CopyFiles@2
|
||||
inputs:
|
||||
SourceFolder: '$(Build.Repository.LocalPath)/pkg'
|
||||
|
|
@ -155,7 +159,7 @@ jobs:
|
|||
displayName: 'Install .NET 6'
|
||||
inputs:
|
||||
version: 6.0.x
|
||||
- pwsh: | # Download JDK for later installation
|
||||
- pwsh: | # Download JDK for later installation
|
||||
Invoke-WebRequest $(JDK_DOWNLOAD_LINK) -O "$(JAVA_VERSION).tar.gz"
|
||||
$current = get-location | select -ExpandProperty Path
|
||||
Write-Host "##vso[task.setvariable variable=downloadPath;]$current"
|
||||
|
|
|
|||
22
pom.xml
22
pom.xml
|
|
@ -72,17 +72,17 @@
|
|||
<dependency>
|
||||
<groupId>io.grpc</groupId>
|
||||
<artifactId>grpc-protobuf</artifactId>
|
||||
<version>1.57.2</version>
|
||||
<version>1.61.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.grpc</groupId>
|
||||
<artifactId>grpc-stub</artifactId>
|
||||
<version>1.45.2</version>
|
||||
<version>1.61.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.grpc</groupId>
|
||||
<artifactId>grpc-netty-shaded</artifactId>
|
||||
<version>1.45.2</version>
|
||||
<version>1.61.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.google.code.gson</groupId>
|
||||
|
|
@ -303,6 +303,22 @@
|
|||
</systemProperties>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<!-- This plugin is used to detect publicly disclosed vulnerabilities contained within a project’s dependencies -->
|
||||
<plugin>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
<version>9.0.9</version>
|
||||
<configuration>
|
||||
<failBuildOnCVSS>7</failBuildOnCVSS>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<goals>
|
||||
<goal>check</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
Загрузка…
Ссылка в новой задаче