<?xml version="1.0" encoding="UTF-8"?>
<!--
  Build for the secure-coding-demo jar (Java 21). Besides compiling, the build
  wires in three supply-chain / code-security checks:
    * CycloneDX SBOM generation (bound to the package phase),
    * OWASP Dependency-Check (SCA) — invoked explicitly, no lifecycle binding,
    * SpotBugs + FindSecBugs (SAST) — invoked explicitly, no lifecycle binding.
  All plugin and dependency versions are pinned via properties below.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <!-- NOTE(review): the schema URL is the stock Maven template (plain http); treat it as an identifier, not a fetch target. -->
  <modelVersion>4.0.0</modelVersion>
  <groupId>biz.datainmotion.training</groupId>
  <artifactId>secure-coding-demo</artifactId>
  <version>1.0.0-SNAPSHOT</version>
  <packaging>jar</packaging>
  <properties>
    <!-- Target Java 21 via 'release' so API usage is checked against the JDK 21 class library, not just bytecode level. -->
    <maven.compiler.release>21</maven.compiler.release>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <!-- Versions as of authoring time — update before use. -->
    <compiler-plugin.version>3.13.0</compiler-plugin.version>
    <cyclonedx.version>2.9.1</cyclonedx.version>
    <dependency-check.version>10.0.4</dependency-check.version>
    <spotbugs.version>4.8.6.4</spotbugs.version>
    <findsecbugs.version>1.13.0</findsecbugs.version>
    <owasp-encoder.version>1.3.1</owasp-encoder.version>
  </properties>
  <dependencies>
    <!-- JPA API (provided) — only to illustrate the ORM boundary; not packaged into the jar. -->
    <dependency>
      <groupId>jakarta.persistence</groupId>
      <artifactId>jakarta.persistence-api</artifactId>
      <version>3.2.0</version>
      <scope>provided</scope>
    </dependency>
    <!-- OWASP Java Encoder — context-aware output encoding instead of a home-grown escaper. -->
    <dependency>
      <groupId>org.owasp.encoder</groupId>
      <artifactId>encoder</artifactId>
      <version>${owasp-encoder.version}</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <!-- Enforce the Java version (the default compiler plugin is too old for 'release'). -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>${compiler-plugin.version}</version>
      </plugin>
      <!-- Generate an SBOM (CycloneDX): mvn package -> target/bom.json -->
      <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>${cyclonedx.version}</version>
        <executions>
          <!-- Bound to 'package', so every packaged build ships with an SBOM. -->
          <execution>
            <phase>package</phase>
            <goals><goal>makeAggregateBom</goal></goals>
          </execution>
        </executions>
      </plugin>
      <!-- SCA: known vulnerabilities in dependencies: mvn dependency-check:check -->
      <!-- Unlike the CycloneDX plugin above, no <executions> block binds this goal to a
           lifecycle phase, so a plain 'mvn verify' does not run it; CI must invoke it explicitly. -->
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check.version}</version>
        <configuration>
          <!-- Build fails at CVSS >= 7 (High/Critical); lower-scored findings are reported only. -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
      </plugin>
      <!-- SAST: SpotBugs + FindSecBugs: mvn spotbugs:check -->
      <!-- Same as Dependency-Check: no lifecycle binding here, explicit invocation required. -->
      <plugin>
        <groupId>com.github.spotbugs</groupId>
        <artifactId>spotbugs-maven-plugin</artifactId>
        <version>${spotbugs.version}</version>
        <configuration>
          <!-- FindSecBugs is loaded as a SpotBugs detector plugin; it adds the security-focused bug patterns. -->
          <plugins>
            <plugin>
              <groupId>com.h3xstream.findsecbugs</groupId>
              <artifactId>findsecbugs-plugin</artifactId>
              <version>${findsecbugs.version}</version>
            </plugin>
          </plugins>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>