add findSecBugs extension into spotbugs plug-in

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-12-09 18:20:56 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-12-09 18:20:56 +0100
commit: c4f117e74b8ade8b420f0443955ec6b94f88cee4 (patch)
tree: 5d8aabd71d2df048bf2a1897a97a7cf13061b29c /pom.xml
parent: 9e7812cb52bfe64e72855eecbd28a756718ce1e1 (diff)
download: EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.tar.gz
EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.tar.bz2
EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.zip
1 files changed, 24 insertions, 8 deletions
diff --git a/pom.xml b/pom.xml
index 33588b5d..ae131914 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
 
   <name>EGIZ EAAF components</name>
 
-  <properties> 
+  <properties>
     <!-- General project properties -->
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <java.version>1.8</java.version>
@@ -68,6 +68,7 @@
     <joda-time.version>2.10.8</joda-time.version>
     <jsr305.version>3.0.2</jsr305.version>
     <com.google.guava.version>30.0-jre</com.google.guava.version>
+    <org.owasp.encoder.version>1.2.3</org.owasp.encoder.version>
 
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.14</httpcore.version>
@@ -92,6 +93,7 @@
     <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version>
     <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version>
     <spotbugs-maven-plugin.version>4.1.4</spotbugs-maven-plugin.version>
+    <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version>
     <dependency-check-maven.version>6.0.3</dependency-check-maven.version>
 
     <license.outputDirectory>${project.build.directory}/thirdparty_licenses</license.outputDirectory>
@@ -107,7 +109,7 @@
     <repository>
       <id>gitlab-localbuild</id>
       <url>https://gitlab.iaik.tugraz.at/api/v4/groups/119/-/packages/maven</url>
-    </repository>    
+    </repository>
     <repository>
       <id>egiz-commons</id>
       <url>https://apps.egiz.gv.at/maven/</url>
@@ -197,7 +199,7 @@
           </plugin>
         </plugins>
       </build>
-    </profile>    
+    </profile>
   </profiles>
 
   <modules>
@@ -356,7 +358,7 @@
         <groupId>javax.annotation</groupId>
         <artifactId>javax.annotation-api</artifactId>
         <version>${javax.annotation-api}</version>
-      </dependency>      
+      </dependency>
       <dependency>
         <groupId>commons-collections</groupId>
         <artifactId>commons-collections</artifactId>
@@ -433,11 +435,12 @@
         <version>${org.apache.santuario.xmlsec.version}</version>
       </dependency>
       <dependency>
-        <!-- Set newer version, because 1.1.3 from openSAML dependency has an CVE-2020-7226 -->
+        <!-- Set newer version, because 1.1.3 from openSAML dependency has 
+          an CVE-2020-7226 -->
         <groupId>org.cryptacular</groupId>
         <artifactId>cryptacular</artifactId>
         <version>${org.cryptacular.version}</version>
-      </dependency>      
+      </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcprov-jdk15to18</artifactId>
@@ -446,7 +449,7 @@
       <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bctls-jdk15to18</artifactId>
-        <version>${org.bouncycastle.bctls-jdk15to18.version}</version>      
+        <version>${org.bouncycastle.bctls-jdk15to18.version}</version>
       </dependency>
 
       <dependency>
@@ -488,6 +491,12 @@
       </dependency>
 
       <dependency>
+        <groupId>org.owasp.encoder</groupId>
+        <artifactId>encoder</artifactId>
+        <version>${org.owasp.encoder.version}</version>
+      </dependency>
+
+      <dependency>
         <groupId>joda-time</groupId>
         <artifactId>joda-time</artifactId>
         <version>${joda-time.version}</version>
@@ -534,7 +543,7 @@
         <artifactId>okhttp-tls</artifactId>
         <version>${com.squareup.okhttp3.version}</version>
         <scope>test</scope>
-      </dependency>      
+      </dependency>
       <dependency>
         <groupId>at.gv.egiz.eaaf</groupId>
         <artifactId>eaaf_core_utils</artifactId>
@@ -723,6 +732,13 @@
         </executions>
         <configuration>
           <failOnError>true</failOnError>
+          <plugins>
+            <plugin>
+              <groupId>com.h3xstream.findsecbugs</groupId>
+              <artifactId>findsecbugs-plugin</artifactId>
+              <version>${findsecbugs-plugin.version}</version>
+            </plugin>
+          </plugins>
         </configuration>
       </plugin>
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-12-09 18:20:56 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-12-09 18:20:56 +0100
commit	c4f117e74b8ade8b420f0443955ec6b94f88cee4 (patch)
tree	5d8aabd71d2df048bf2a1897a97a7cf13061b29c /pom.xml
parent	9e7812cb52bfe64e72855eecbd28a756718ce1e1 (diff)
download	EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.tar.gz EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.tar.bz2 EAAF-Components-c4f117e74b8ade8b420f0443955ec6b94f88cee4.zip