mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
548 lines
23 KiB
XML
548 lines
23 KiB
XML
<!--
|
|
This file is part of Dependency-Check.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
Copyright (c) 2012 - Jeremy Long
|
|
-->
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-parent</artifactId>
|
|
<version>1.2.12-SNAPSHOT</version>
|
|
<packaging>pom</packaging>
|
|
|
|
<modules>
|
|
<module>dependency-check-core</module>
|
|
<module>dependency-check-cli</module>
|
|
<module>dependency-check-ant</module>
|
|
<module>dependency-check-maven</module>
|
|
<module>dependency-check-gradle</module>
|
|
<module>dependency-check-jenkins</module>
|
|
<module>dependency-check-utils</module>
|
|
</modules>
|
|
<name>Dependency-Check</name>
|
|
<url>https://github.com/jeremylong/DependencyCheck.git</url>
|
|
<description>dependency-check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities.</description>
|
|
<inceptionYear>2012</inceptionYear>
|
|
|
|
<organization>
|
|
<name>OWASP</name>
|
|
<url>http://www.owasp.org</url>
|
|
</organization>
|
|
|
|
<developers>
|
|
<developer>
|
|
<name>Jeremy Long</name>
|
|
<email>jeremy.long@owasp.org</email>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://www.owasp.org/</organizationUrl>
|
|
<roles>
|
|
<role>architect</role>
|
|
<role>developer</role>
|
|
</roles>
|
|
</developer>
|
|
<developer>
|
|
<name>Steve Springett</name>
|
|
<email>Steve.Springett@owasp.org</email>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://www.owasp.org/</organizationUrl>
|
|
<roles>
|
|
<role>developer</role>
|
|
</roles>
|
|
</developer>
|
|
<developer>
|
|
<name>Will Stranathan</name>
|
|
<email>Will.Stranathan@owasp.org</email>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://www.owasp.org/</organizationUrl>
|
|
<roles>
|
|
<role>developer</role>
|
|
</roles>
|
|
</developer>
|
|
<developer>
|
|
<name>Dale Visser</name>
|
|
<email>dvisser@ida.org</email>
|
|
<organization>Institute for Defense Analyses</organization>
|
|
<organizationUrl>https://www.ida.org/</organizationUrl>
|
|
<roles>
|
|
<role>developer</role>
|
|
</roles>
|
|
</developer>
|
|
</developers>
|
|
<contributors>
|
|
<contributor>
|
|
<name>Hugo Costa</name>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://www.owasp.org/</organizationUrl>
|
|
<roles>
|
|
<role>logo design</role>
|
|
</roles>
|
|
</contributor>
|
|
</contributors>
|
|
<scm>
|
|
<connection>scm:git:git@github.com:jeremylong/DependencyCheck.git</connection>
|
|
<url>https://github.com/jeremylong/DependencyCheck</url>
|
|
<developerConnection>scm:git:git@github.com:jeremylong/DependencyCheck.git</developerConnection>
|
|
<tag>HEAD</tag>
|
|
</scm>
|
|
<issueManagement>
|
|
<system>github</system>
|
|
<url>https://github.com/jeremylong/DependencyCheck/issues</url>
|
|
</issueManagement>
|
|
<ciManagement>
|
|
<system>Cloudbees</system>
|
|
<url>https://dependency-check.ci.cloudbees.com/</url>
|
|
</ciManagement>
|
|
<mailingLists>
|
|
<mailingList>
|
|
<name>Dependency Check</name>
|
|
<subscribe>dependency-check+subscribe@googlegroups.com</subscribe>
|
|
<unsubscribe>dependency-check+unsubscribe@googlegroups.com</unsubscribe>
|
|
<post>dependency-check@googlegroups.com</post>
|
|
<archive>https://groups.google.com/forum/?fromgroups#!forum/dependency-check</archive>
|
|
</mailingList>
|
|
</mailingLists>
|
|
<licenses>
|
|
<license>
|
|
<name>The Apache Software License, Version 2.0</name>
|
|
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
|
|
</license>
|
|
</licenses>
|
|
<properties>
|
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
|
<github.global.server>github</github.global.server>
|
|
<!-- new versions of lucene are compiled with JDK 1.7 and cannot be used ubiquitously in Jenkins
|
|
thus, we cannot upgrade beyond 4.7.2 -->
|
|
<apache.lucene.version>4.7.2</apache.lucene.version>
|
|
<slf4j.version>1.7.12</slf4j.version>
|
|
<logback.version>1.1.3</logback.version>
|
|
<reporting.checkstyle-plugin.version>2.11</reporting.checkstyle-plugin.version>
|
|
<reporting.cobertura-plugin.version>2.6</reporting.cobertura-plugin.version>
|
|
<reporting.findbugs-plugin.version>2.5.3</reporting.findbugs-plugin.version>
|
|
<reporting.javadoc-plugin.version>2.9.1</reporting.javadoc-plugin.version>
|
|
<reporting.jxr-plugin.version>2.4</reporting.jxr-plugin.version>
|
|
<reporting.pmd-plugin.version>3.0.1</reporting.pmd-plugin.version>
|
|
<reporting.surefire-report-plugin.version>2.16</reporting.surefire-report-plugin.version>
|
|
<reporting.taglist-plugin.version>2.4</reporting.taglist-plugin.version>
|
|
<reporting.versions-plugin.version>2.1</reporting.versions-plugin.version>
|
|
</properties>
|
|
<distributionManagement>
|
|
<site>
|
|
<id>gh-pages</id>
|
|
<name>gh-pages</name>
|
|
<url>${project.build.directory}/site/${project.version}</url>
|
|
</site>
|
|
</distributionManagement>
|
|
<prerequisites>
|
|
<maven>3.0</maven>
|
|
</prerequisites>
|
|
<build>
|
|
<pluginManagement>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>appassembler-maven-plugin</artifactId>
|
|
<version>1.10</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>cobertura-maven-plugin</artifactId>
|
|
<version>2.7</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-assembly-plugin</artifactId>
|
|
<version>2.5.5</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-clean-plugin</artifactId>
|
|
<version>2.6.1</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-compiler-plugin</artifactId>
|
|
<version>3.3</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-dependency-plugin</artifactId>
|
|
<version>2.10</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-enforcer-plugin</artifactId>
|
|
<version>1.3.1</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-deploy-plugin</artifactId>
|
|
<version>2.8.2</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-failsafe-plugin</artifactId>
|
|
<version>2.18.1</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-gpg-plugin</artifactId>
|
|
<version>1.6</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-install-plugin</artifactId>
|
|
<version>2.5.2</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-jar-plugin</artifactId>
|
|
<version>2.6</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-plugin-plugin</artifactId>
|
|
<version>3.4</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-release-plugin</artifactId>
|
|
<version>2.5.2</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-resources-plugin</artifactId>
|
|
<version>2.7</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-site-plugin</artifactId>
|
|
<!-- Before upgrading this to a newer version, verify the pages produced by `mvn site` still works.
|
|
In particular, pay attention to all pages under "File type analyzers" as well as those under "General".
|
|
Previously when testing with maven-site-plugin 3.4, these links have stopped working for some reason.
|
|
-->
|
|
<version>3.3</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-surefire-plugin</artifactId>
|
|
<version>2.18.1</version>
|
|
</plugin>
|
|
</plugins>
|
|
</pluginManagement>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-release-plugin</artifactId>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-compiler-plugin</artifactId>
|
|
<configuration>
|
|
<showDeprecation>false</showDeprecation>
|
|
<source>1.6</source>
|
|
<target>1.6</target>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-failsafe-plugin</artifactId>
|
|
<configuration>
|
|
<systemProperties>
|
|
<property>
|
|
<name>temp.directory</name>
|
|
<value>${project.build.directory}/temp</value>
|
|
</property>
|
|
</systemProperties>
|
|
<includes>
|
|
<include>**/*IntegrationTest.java</include>
|
|
</includes>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>integration-test</goal>
|
|
<goal>verify</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-jar-plugin</artifactId>
|
|
<configuration>
|
|
<archive>
|
|
<manifest>
|
|
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
|
|
</manifest>
|
|
</archive>
|
|
<excludes>
|
|
<exclude>**/checkstyle*</exclude>
|
|
</excludes>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-resources-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>site-filtering-hack</id>
|
|
<phase>pre-site</phase>
|
|
<goals>
|
|
<goal>copy-resources</goal>
|
|
</goals>
|
|
<inherited>false</inherited>
|
|
<configuration>
|
|
<outputDirectory>${project.build.directory}/site/</outputDirectory>
|
|
<resources>
|
|
<resource>
|
|
<directory>src/main/site-resources/</directory>
|
|
<filtering>true</filtering>
|
|
</resource>
|
|
</resources>
|
|
<encoding>UTF-8</encoding>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-site-plugin</artifactId>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.apache.maven.doxia</groupId>
|
|
<artifactId>doxia-module-markdown</artifactId>
|
|
<version>1.5</version>
|
|
</dependency>
|
|
</dependencies>
|
|
<configuration>
|
|
<skipDeploy>true</skipDeploy>
|
|
</configuration>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
<reporting>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-project-info-reports-plugin</artifactId>
|
|
<version>2.7</version>
|
|
<reportSets>
|
|
<reportSet>
|
|
<reports>
|
|
<!--
|
|
<report>cim</report>
|
|
<report>dependencies</report>
|
|
<report>dependency-convergence</report>
|
|
<report>dependency-info</report>
|
|
<report>dependency-management</report>
|
|
<report>distribution-management</report>
|
|
<report>index</report>
|
|
-->
|
|
<report>summary</report>
|
|
<report>mailing-list</report>
|
|
<report>issue-tracking</report>
|
|
<report>modules</report>
|
|
<report>project-team</report>
|
|
<report>scm</report>
|
|
<report>license</report>
|
|
</reports>
|
|
</reportSet>
|
|
</reportSets>
|
|
</plugin>
|
|
</plugins>
|
|
</reporting>
|
|
<dependencyManagement>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>com.google.code.findbugs</groupId>
|
|
<artifactId>annotations</artifactId>
|
|
<version>3.0.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.h2database</groupId>
|
|
<artifactId>h2</artifactId>
|
|
<version>1.3.176</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-cli</groupId>
|
|
<artifactId>commons-cli</artifactId>
|
|
<!-- Before upgrading to 1.3, note that this introduces several
|
|
deprecation warnings. Most notable OptionBuilder has been
|
|
marked as deprecated. Should probably be sorted out. -->
|
|
<version>1.2</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-io</groupId>
|
|
<artifactId>commons-io</artifactId>
|
|
<version>2.4</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-lang</groupId>
|
|
<artifactId>commons-lang</artifactId>
|
|
<version>2.6</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.sun.mail</groupId>
|
|
<artifactId>mailapi</artifactId>
|
|
<version>1.5.2</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>ch.qos.logback</groupId>
|
|
<artifactId>logback-core</artifactId>
|
|
<version>${logback.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>ch.qos.logback</groupId>
|
|
<artifactId>logback-classic</artifactId>
|
|
<version>${logback.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
<version>4.12</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.commons</groupId>
|
|
<artifactId>commons-compress</artifactId>
|
|
<version>1.9</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.ant</groupId>
|
|
<artifactId>ant</artifactId>
|
|
<version>1.9.5</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.ant</groupId>
|
|
<artifactId>ant-testutil</artifactId>
|
|
<version>1.9.5</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.lucene</groupId>
|
|
<artifactId>lucene-analyzers-common</artifactId>
|
|
<version>${apache.lucene.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.lucene</groupId>
|
|
<artifactId>lucene-core</artifactId>
|
|
<version>${apache.lucene.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.lucene</groupId>
|
|
<artifactId>lucene-queryparser</artifactId>
|
|
<version>${apache.lucene.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.lucene</groupId>
|
|
<artifactId>lucene-test-framework</artifactId>
|
|
<version>${apache.lucene.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven</groupId>
|
|
<artifactId>maven-core</artifactId>
|
|
<version>3.3.3</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven</groupId>
|
|
<artifactId>maven-plugin-api</artifactId>
|
|
<version>3.3.3</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven</groupId>
|
|
<artifactId>maven-settings</artifactId>
|
|
<version>3.3.3</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-site-plugin</artifactId>
|
|
<version>3.4</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven.plugin-testing</groupId>
|
|
<artifactId>maven-plugin-testing-harness</artifactId>
|
|
<version>3.3.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven.plugin-tools</groupId>
|
|
<artifactId>maven-plugin-annotations</artifactId>
|
|
<version>3.4</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.maven.reporting</groupId>
|
|
<artifactId>maven-reporting-api</artifactId>
|
|
<version>3.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.velocity</groupId>
|
|
<artifactId>velocity</artifactId>
|
|
<version>1.7</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hamcrest</groupId>
|
|
<artifactId>hamcrest-core</artifactId>
|
|
<version>1.3</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jmockit</groupId>
|
|
<artifactId>jmockit</artifactId>
|
|
<!-- Upgrading to 1.17 introduces build failures when building
|
|
with OpenJDK. -->
|
|
<version>1.16</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jsoup</groupId>
|
|
<artifactId>jsoup</artifactId>
|
|
<version>1.7.2</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-api</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-ext</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-jdk14</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-simple</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
</dependencies>
|
|
</dependencyManagement>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hamcrest</groupId>
|
|
<artifactId>hamcrest-core</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
</project>
|