sonar-quality-gate-maven-plugin
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>io.github.r0bb3n</groupId>
<artifactId>sonar-quality-gate-maven-plugin</artifactId>
<version>1.3.0</version>
</dependency><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>io.github.r0bb3n</groupId>
<artifactId>sonar-quality-gate-maven-plugin</artifactId>
<packaging>maven-plugin</packaging>
<version>1.3.0</version>
<name>Sonar Quality Gate Maven Plugin</name>
<description>The Sonar Quality Gate Maven Plugin checks the project status in SonarQube and fails
the maven job when the Quality Gate is not passed.
</description>
<url>https://r0bb3n.github.io/sonar-quality-gate-maven-plugin/</url>
<prerequisites>
<maven>3</maven>
</prerequisites>
<inceptionYear>2020</inceptionYear>
<licenses>
<license>
<name>Apache-2.0</name>
<url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo,manual</distribution>
<comments>Apache License, Version 2.0</comments>
</license>
</licenses>
<developers>
<developer>
<name>r0bb3n</name>
<url>https://github.com/r0bb3n</url>
<roles>
<role>owner</role>
</roles>
</developer>
</developers>
<scm>
<url>https://github.com/r0bb3n/sonar-quality-gate-maven-plugin</url>
<connection>scm:git:git@github.com:r0bb3n/sonar-quality-gate-maven-plugin.git</connection>
<developerConnection>scm:git:git@github.com:r0bb3n/sonar-quality-gate-maven-plugin.git
</developerConnection>
<tag>v1.3.0</tag>
</scm>
<issueManagement>
<system>GitHub</system>
<url>https://github.com/r0bb3n/sonar-quality-gate-maven-plugin/issues</url>
</issueManagement>
<ciManagement>
<system>GitHub Actions</system>
<url>https://github.com/r0bb3n/sonar-quality-gate-maven-plugin/actions</url>
</ciManagement>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>${nexusUrl}/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>${nexusUrl}/service/local/staging/deploy/maven2/</url>
</repository>
<site>
<id>github-pages</id>
<url>scm:git:git@github.com:r0bb3n/sonar-quality-gate-maven-plugin.git</url>
</site>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.release>11</maven.compiler.release>
<nexusUrl>https://oss.sonatype.org</nexusUrl>
<sonar.organization>r0bb3n</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<sonar.java.source>${maven.compiler.release}</sonar.java.source>
<sonar.java.checkstyle.reportPaths>target/checkstyle-result.xml</sonar.java.checkstyle.reportPaths>
<sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
<sonar.java.pmd.reportPaths>target/pmd.xml,target/cpd.xml</sonar.java.pmd.reportPaths>
<sonar.exclusions>.idea/**</sonar.exclusions>
<version.jackson>2.13.4</version.jackson>
<version.jackson-databind>2.13.4.2</version.jackson-databind>
<version.log4j>2.19.0</version.log4j>
<version.hamcrest>2.2</version.hamcrest>
<version.maven-plugin-tools>3.6.4</version.maven-plugin-tools>
</properties>
<build>
<plugins>
<plugin>
<artifactId>maven-plugin-plugin</artifactId>
<executions>
<execution>
<id>default-descriptor</id>
<goals>
<goal>descriptor</goal>
</goals>
<phase>process-classes</phase>
</execution>
<execution>
<id>generate-helpmojo</id>
<goals>
<goal>helpmojo</goal>
</goals>
<configuration>
<helpPackageName>org.r0bb3n.maven.generated</helpPackageName>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>analyze</id>
<goals>
<goal>analyze-only</goal>
</goals>
<configuration>
<failOnWarning>true</failOnWarning>
<outputXML>true</outputXML>
<ignoredDependencies>
<ignoredDependency>org.projectlombok:lombok::</ignoredDependency>
</ignoredDependencies>
<ignoredUnusedDeclaredDependencies>
<ignoredUnusedDeclaredDependency>org.apache.logging.log4j:log4j-core</ignoredUnusedDeclaredDependency>
<ignoredUnusedDeclaredDependency>org.apache.logging.log4j:log4j-slf4j-impl
</ignoredUnusedDeclaredDependency>
</ignoredUnusedDeclaredDependencies>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>${nexusUrl}/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
<skipLocalStaging>true</skipLocalStaging>
</configuration>
</plugin>
<plugin>
<artifactId>maven-release-plugin</artifactId>
<configuration>
<tagNameFormat>v@{project.version}</tagNameFormat>
<releaseProfiles>build-for-release</releaseProfiles>
<signTag>true</signTag>
</configuration>
</plugin>
<plugin>
<artifactId>maven-site-plugin</artifactId>
<configuration>
<skipDeploy>true</skipDeploy>
</configuration>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<artifactId>maven-plugin-plugin</artifactId>
<version>${version.maven-plugin-tools}</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.8</version>
</plugin>
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.0.0</version>
</plugin>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
</plugin>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<version>3.2.1</version>
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.4.1</version>
</plugin>
<plugin>
<artifactId>maven-release-plugin</artifactId>
<version>3.0.0-M6</version>
</plugin>
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.2.0</version>
<configuration>
<configLocation>checkstyle-configuration.xml</configLocation>
<enableRSS>false</enableRSS>
<linkXRef>false</linkXRef>
<failOnViolation>false</failOnViolation>
<failsOnError>false</failsOnError>
<!-- excludes works only on package level -->
<excludes>**/generated/**/*.java</excludes>
<violationSeverity>warning</violationSeverity>
</configuration>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.3.4</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.19.0</version>
<configuration>
<targetJdk>${maven.compiler.release}</targetJdk>
<linkXRef>false</linkXRef>
<failOnViolation>false</failOnViolation>
<printFailingErrors>true</printFailingErrors>
<excludes>
<exclude>**/generated/**/*.java</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.9.1.2184</version>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.13</version>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>7.3.0</version>
</plugin>
<plugin>
<artifactId>maven-site-plugin</artifactId>
<version>3.12.1</version>
</plugin>
<plugin>
<artifactId>maven-scm-publish-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.4.1</version>
</plugin>
</plugins>
</pluginManagement>
</build>
<reporting>
<plugins>
<plugin>
<artifactId>maven-project-info-reports-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>index</report>
<report>scm</report>
<report>ci-management</report>
<report>issue-management</report>
<report>team</report>
<report>licenses</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<artifactId>maven-plugin-plugin</artifactId>
<configuration>
<detail>true</detail>
<requirements>
<jdk>${maven.compiler.release}</jdk>
<others>
<property>
<name>SonarQube (by mode)</name>
<value>5.3+ (integrated) / 5.4+ (simple) / 7.7+ (advanced)</value>
</property>
</others>
</requirements>
</configuration>
</plugin>
</plugins>
</reporting>
<profiles>
<profile>
<id>build-for-release</id>
<build>
<plugins>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>build-sources-jar</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<configuration>
<doclint>none</doclint>
<show>private</show>
</configuration>
<executions>
<execution>
<id>build-javadoc-jar</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<!-- enable passphrase handling via plugin -->
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-scm-publish-plugin</artifactId>
<executions>
<execution>
<id>publish-site-to-github-branch</id>
<phase>site-deploy</phase>
<goals>
<goal>publish-scm</goal>
</goals>
<configuration>
<content>${project.reporting.outputDirectory}</content>
<siteOutputEncoding>${project.reporting.outputEncoding}</siteOutputEncoding>
<scmBranch>gh-pages</scmBranch>
<serverId>github-pages</serverId>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- continuous integration profile that enables additional checks and analyses -->
<!-- mainly used for sonar analysis supplies -->
<id>ci-run</id>
<build>
<plugins>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<goals>
<goal>report</goal>
</goals>
<phase>test</phase>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<executions>
<execution>
<id>check-sources</id>
<goals>
<goal>check</goal>
</goals>
<phase>verify</phase>
<configuration>
<failOnViolation>true</failOnViolation>
<failsOnError>true</failsOnError>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-pmd-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>check</goal>
<goal>cpd-check</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- checks dependencies for vulnerabilities and fails maven job -->
<!-- this job is triggered time based on CI server -->
<id>vuln-check</id>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<!-- fail on every finding -->
<failBuildOnCVSS>0</failBuildOnCVSS>
<suppressionFile>dependency-check-suppressions.xml</suppressionFile>
<!-- limit to maven project running without prev. install -->
<centralAnalyzerEnabled>true</centralAnalyzerEnabled>
<archiveAnalyzerEnabled>false</archiveAnalyzerEnabled>
<jarAnalyzerEnabled>false</jarAnalyzerEnabled>
<nexusAnalyzerEnabled>false</nexusAnalyzerEnabled>
<opensslAnalyzerEnabled>false</opensslAnalyzerEnabled>
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
<nodeAuditAnalyzerEnabled>false</nodeAuditAnalyzerEnabled>
<enableRetired>false</enableRetired>
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
<nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
<enableExperimental>false</enableExperimental>
<!-- plugins will be checked by dependabot -->
<versionCheckEnabled>false</versionCheckEnabled>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>${version.hamcrest}</version>
<scope>test</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${version.jackson-databind}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${version.jackson}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${version.jackson}</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>3.8.6</version>
<scope>provided</scope>
</dependency>
<!-- dependencies to annotations -->
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
<version>${version.maven-plugin-tools}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.24</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8</artifactId>
<version>2.34.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${version.log4j}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>${version.log4j}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
<version>${version.log4j}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>4.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<version>${version.hamcrest}</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report