Skip to content

Commit

Permalink
Adding maven dependency check to identify publicly disclosed vulnerab…
Browse files Browse the repository at this point in the history
…ilities (#751)

* Added dependency-check-maven and updated grpc modules

* Adding dependency check to pipeline

* Test pipeline

* Test pipeline

* Test pipeline

* Test pipeline
  • Loading branch information
shreyas-gopalakrishna committed Jul 14, 2024
1 parent e107171 commit 8b4331d
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 4 deletions.
6 changes: 5 additions & 1 deletion azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ jobs:
.\package-pipeline.ps1 -buildNumber $buildNumber
name: output
displayName: 'Executing build script'
- pwsh: |
mvn dependency-check:check
condition: and(eq(variables['Build.SourceBranch'], 'refs/heads/dev'), eq(variables['SkipMavenDependencyCheck'], 'false'))
displayName: 'Maven dependency check'
- task: CopyFiles@2
inputs:
SourceFolder: '$(Build.Repository.LocalPath)/pkg'
Expand Down Expand Up @@ -155,7 +159,7 @@ jobs:
displayName: 'Install .NET 6'
inputs:
version: 6.0.x
- pwsh: | # Download JDK for later installation
- pwsh: | # Download JDK for later installation
Invoke-WebRequest $(JDK_DOWNLOAD_LINK) -O "$(JAVA_VERSION).tar.gz"
$current = get-location | select -ExpandProperty Path
Write-Host "##vso[task.setvariable variable=downloadPath;]$current"
Expand Down
22 changes: 19 additions & 3 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -72,17 +72,17 @@
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-protobuf</artifactId>
<version>1.57.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-stub</artifactId>
<version>1.45.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty-shaded</artifactId>
<version>1.45.2</version>
<version>1.61.0</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
Expand Down Expand Up @@ -303,6 +303,22 @@
</systemProperties>
</configuration>
</plugin>
<!-- This plugin is used to detect publicly disclosed vulnerabilities contained within a project’s dependencies -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>9.0.9</version>
<configuration>
<failBuildOnCVSS>7</failBuildOnCVSS>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

0 comments on commit 8b4331d

Please sign in to comment.