Adding maven dependency check to identify publicly disclosed vulnerabilities (#751)

* Added dependency-check-maven and updated grpc modules

* Adding dependency check to pipeline

* Test pipeline

* Test pipeline

* Test pipeline

* Test pipeline
Shreyas Gopalakrishna 2024-01-30 09:28:32 -08:00 коммит произвёл GitHub
Родитель 01caa730ae
Коммит c92d38cdeb
2 изменённых файлов: 24 добавлений и 4 удалений


@ -60,6 +60,10 @@ jobs:
.\package-pipeline.ps1 -buildNumber $buildNumber
name: output
displayName: 'Executing build script'
- pwsh: |
mvn dependency-check:check
condition: and(eq(variables['Build.SourceBranch'], 'refs/heads/dev'), eq(variables['SkipMavenDependencyCheck'], 'false'))
displayName: 'Maven dependency check'
- task: CopyFiles@2
inputs:
SourceFolder: '$(Build.Repository.LocalPath)/pkg'
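Review bot: The condition on the new `Maven dependency check` step only passes when `SkipMavenDependencyCheck` is explicitly set to the string 'false'; if the variable is simply absent from the pipeline or variable group, `eq(variables['SkipMavenDependencyCheck'], 'false')` evaluates to false and the scan silently never runs, which makes the control default-off. Inverting the test to `ne(variables['SkipMavenDependencyCheck'], 'true')` makes the scan run unless someone deliberately opts out, which is the safer default for a gate that is meant to block known-vulnerable dependencies. The `refs/heads/dev` branch filter also means pull requests targeting dev are not scanned before merge, so a vulnerable bump surfaces only after it lands; if that is intentional it is worth a one-line comment above the step, e.g. `# Runs post-merge on dev only; set SkipMavenDependencyCheck=true to bypass`. The enclosing job begins before this hunk.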

22
pom.xml

@ -72,17 +72,17 @@
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-protobuf</artifactId>
<version>1.57.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-stub</artifactId>
<version>1.45.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty-shaded</artifactId>
<version>1.45.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
@ -303,6 +303,22 @@
</systemProperties>
</configuration>
</plugin>
<!-- This plugin is used to detect publicly disclosed vulnerabilities contained within a projects dependencies -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>9.0.9</version>
<configuration>
<failBuildOnCVSS>7</failBuildOnCVSS>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
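Review bot: The `<execution>` block for the `check` goal declares no `<phase>`, so the goal binds to its default lifecycle phase (verify, per the plugin's documentation) and will run on every ordinary `mvn verify`/`install`, while the pipeline additionally invokes `mvn dependency-check:check` as a separate, conditionally-gated step; the NVD data fetch and analysis are therefore likely to run twice in CI, and locally on every build. If the pipeline step is meant to be the single trigger, the plugin declaration with its `<configuration>` is sufficient for `mvn dependency-check:check` to resolve, and the whole `<executions>` element can be removed; if every build should be gated instead, the pipeline step is the redundant one. Separately, `<failBuildOnCVSS>7</failBuildOnCVSS>` means findings scored below 7.0 are reported but never fail the build, which the surrounding comment does not say; I would extend it to `<!-- ... Fails the build only on findings with CVSS >= 7; lower-severity findings appear in the report only. -->` and fix the possessive (`a project's dependencies`). Whether `package-pipeline.ps1` runs the lifecycle far enough to hit the default binding cannot be seen from this diff, so the double-run is inferred rather than observed.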