add 'findSecBugs' plug-in into 'spotBugs' module and solve bugs or exclude false-positive

update gitlab-ci configuration to display jUnit test-coverage
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-12-11 16:33:00 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-12-11 16:33:00 +0100
commit: 26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7 (patch)
tree: 2bf10a997dd1c5239d70fae4a77f4d56b9bd7e44 /pom.xml
parent: 230e6c3890c7e63b286e9a08001e5ffd63743d2c (diff)
download: National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.tar.gz
National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.tar.bz2
National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.zip
1 files changed, 46 insertions, 11 deletions
diff --git a/pom.xml b/pom.xml
index 2c8cb1e7..c360f910 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,29 +20,32 @@
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
     <eaaf-core.version>1.1.10</eaaf-core.version>
-    <org.springframework.version>5.2.9.RELEASE</org.springframework.version>
+    <org.springframework.version>5.2.12.RELEASE</org.springframework.version>
     <org.thymeleaf-spring5.version>3.0.11.RELEASE</org.thymeleaf-spring5.version>
-    <cxf.version>3.4.0</cxf.version>
+    <cxf.version>3.4.1</cxf.version>
 
     <org.apache.commons-lang3.version>3.11</org.apache.commons-lang3.version>
     <org.apache.commons-text.version>1.9</org.apache.commons-text.version>
     <commons-collections4.version>4.4</commons-collections4.version>
-    <com.google.guava.version>29.0-jre</com.google.guava.version>
-    <joda-time.version>2.10.6</joda-time.version>
+    <com.google.guava.version>30.0-jre</com.google.guava.version>
+    <joda-time.version>2.10.8</joda-time.version>
     <org.slf4j.version>1.7.30</org.slf4j.version>
-    <jackson-datatype-jsr310.version>2.11.3</jackson-datatype-jsr310.version>
-    
-        
+    <jackson-datatype-jsr310.version>2.12.0</jackson-datatype-jsr310.version>
+
+
     <!-- testing -->
-    <junit.version>4.13</junit.version>
+    <junit.version>4.13.1</junit.version>
     <surefire.version>2.22.2</surefire.version>
     <mockito-soap-cxf.version>1.0.5</mockito-soap-cxf.version>
 
     <!-- Code quality checks -->
     <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version>
     <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version>
-    <maven-pmd-plugin.version>3.13.0</maven-pmd-plugin.version>
-    <spotbugs-maven-plugin.version>4.0.4</spotbugs-maven-plugin.version>
+    <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version>
+    <spotbugs-maven-plugin.version>4.1.4</spotbugs-maven-plugin.version>
+    <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version>
+
+    <dependency-check-maven.version>6.0.3</dependency-check-maven.version>
 
     <license.outputDirectory>${project.build.directory}/thirdparty_licenses</license.outputDirectory>
     <pmw_rules_location>https://apps.egiz.gv.at/checkstyle/egiz_pmd_checks.xml</pmw_rules_location>
@@ -95,6 +98,7 @@
     <module>connector_lib</module>
     <module>connector</module>
     <module>eidas_modules</module>
+    <module>build_reporting</module>
   </modules>
 
   <dependencyManagement>
@@ -121,6 +125,12 @@
         <version>${eaaf-core.version}</version>
       </dependency>
       <dependency>
+        <groupId>at.asitplus.eidas.ms_specific</groupId>
+        <artifactId>ms_specific_connector</artifactId>
+        <type>war</type>
+        <version>${egiz.eidas.version}</version>
+      </dependency>
+      <dependency>
         <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
         <artifactId>authmodule-eIDAS-v2</artifactId>
         <version>${egiz.eidas.version}</version>
@@ -303,6 +313,24 @@
           <version>${maven-assembly-plugin.version}</version>
         </plugin>
 
+        <plugin>
+          <groupId>org.owasp</groupId>
+          <artifactId>dependency-check-maven</artifactId>
+          <version>${dependency-check-maven.version}</version>
+          <configuration>
+            <failBuildOnCVSS>11</failBuildOnCVSS>
+            <failOnError>false</failOnError>
+          </configuration>
+          <executions>
+            <execution>
+              <goals>
+                <goal>check</goal>
+              </goals>
+            </execution>
+          </executions>
+        </plugin>
+
+
       </plugins>
     </pluginManagement>
     <plugins>
@@ -453,6 +481,13 @@
         </executions>
         <configuration>
           <failOnError>true</failOnError>
+          <plugins>
+            <plugin>
+              <groupId>com.h3xstream.findsecbugs</groupId>
+              <artifactId>findsecbugs-plugin</artifactId>
+              <version>${findsecbugs-plugin.version}</version>
+            </plugin>
+          </plugins>
         </configuration>
       </plugin>
     </plugins>
@@ -479,4 +514,4 @@
       </plugin>
     </plugins>
   </reporting>
-</project>
-\ No newline at end of file
+</project>
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-12-11 16:33:00 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-12-11 16:33:00 +0100
commit	26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7 (patch)
tree	2bf10a997dd1c5239d70fae4a77f4d56b9bd7e44 /pom.xml
parent	230e6c3890c7e63b286e9a08001e5ffd63743d2c (diff)
download	National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.tar.gz National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.tar.bz2 National_eIDAS_Gateway-26e422ff90f2a4fb9d2d25c0b2328b365fe5f0d7.zip