dependency-check-parent
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency> <groupId>org.owasp</groupId> <artifactId>dependency-check-parent</artifactId> <version>12.1.1</version> </dependency>
<!-- This file is part of Dependency-Check. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copyright (c) 2012 - Jeremy Long --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.owasp</groupId> <artifactId>dependency-check-parent</artifactId> <version>12.1.1</version> <packaging>pom</packaging> <modules> <module>utils</module> <module>core</module> <module>cli</module> <module>ant</module> <module>maven</module> <module>archetype</module> </modules> <name>Dependency-Check</name> <url>https://github.com/dependency-check/DependencyCheck.git</url> <description>dependency-check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities.</description> <inceptionYear>2012</inceptionYear> <organization> <name>OWASP</name> <url>https://www.owasp.org</url> </organization> <developers> <developer> <name>Jeremy Long</name> <email>jeremy.long@owasp.org</email> <organization>OWASP</organization> <organizationUrl>https://www.owasp.org/</organizationUrl> <roles> <role>architect</role> <role>developer</role> </roles> </developer> <developer> <name>Steve Springett</name> <email>Steve.Springett@owasp.org</email> <organization>OWASP</organization> <organizationUrl>https://www.owasp.org/</organizationUrl> <roles> <role>developer</role> </roles> </developer> <developer> <name>Will Stranathan</name> <email>Will.Stranathan@owasp.org</email> <organization>OWASP</organization> <organizationUrl>https://www.owasp.org/</organizationUrl> <roles> <role>developer</role> </roles> </developer> <developer> <name>Dale Visser</name> <email>dvisser@ida.org</email> <organization>Institute for Defense Analyses</organization> <organizationUrl>https://www.ida.org/</organizationUrl> <roles> <role>developer</role> </roles> </developer> </developers> <contributors> <contributor> <name>Hugo Costa</name> <organization>OWASP</organization> <organizationUrl>https://www.owasp.org/</organizationUrl> <roles> <role>logo design</role> </roles> </contributor> </contributors> <scm> <connection>scm:git:https://github.com/dependency-check/DependencyCheck.git</connection> <url>https://github.com/dependency-check/DependencyCheck</url> <developerConnection>scm:git:https://github.com/dependency-check/DependencyCheck.git</developerConnection> <tag>v12.1.1</tag> </scm> <issueManagement> <system>github</system> <url>https://github.com/dependency-check/DependencyCheck/issues</url> </issueManagement> <ciManagement> <system>github-actions</system> <url>https://github.com/dependency-check/DependencyCheck/actions</url> </ciManagement> <licenses> <license> <name>The Apache Software License, Version 2.0</name> <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> </license> </licenses> <properties> <maven.compiler.release>11</maven.compiler.release> <!--reproducible build--> <project.build.outputTimestamp>2025-04-05T11:23:00Z</project.build.outputTimestamp> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <github.global.server>github</github.global.server> <apache.lucene.version>9.12.0</apache.lucene.version> <apache.ant.version>1.10.15</apache.ant.version> <!-- upgrading slf4j and logback can cause issues ;) https://github.com/dependency-check/DependencyCheck/issues/4846 --> <slf4j.version>1.7.36</slf4j.version> <logback.version>1.2.13</logback.version> <maven.api.version>3.6.3</maven.api.version> <reporting.checkstyle-plugin.version>3.6.0</reporting.checkstyle-plugin.version> <reporting.checkstyle.tool.version>9.3</reporting.checkstyle.tool.version> <doxia-base.version>2.0.0</doxia-base.version> <maven-antrun-plugin.version>3.1.0</maven-antrun-plugin.version> <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version> <maven-javadoc-plugin.version>3.11.2</maven-javadoc-plugin.version> <!-- upgrading beyond 2.5 breaks maven site--> <maven-jxr-plugin.version>2.5</maven-jxr-plugin.version> <maven-project-info-reports-plugin.version>3.9.0</maven-project-info-reports-plugin.version> <maven-surefire-report-plugin.version>3.5.3</maven-surefire-report-plugin.version> <jacoco-maven-plugin.version>0.8.13</jacoco-maven-plugin.version> <spotbugs.version>4.9.3</spotbugs.version> <spotbugs.maven.plugin.version>4.9.3.0</spotbugs.maven.plugin.version> <taglist-maven-plugin.version>3.2.1</taglist-maven-plugin.version> <versions-maven-plugin.version>2.18.0</versions-maven-plugin.version> <jetbrains.annotations.version>26.0.2</jetbrains.annotations.version> <findbugs.spotbugs.version>4.9.3</findbugs.spotbugs.version> <com.h2database.version>2.3.232</com.h2database.version> <commons-cli.version>1.9.0</commons-cli.version> <commons-io.version>2.18.0</commons-io.version> <commons-lang3.version>3.17.0</commons-lang3.version> <commons-text.version>1.13.0</commons-text.version> <httpcomponents.client.version>5.4.3</httpcomponents.client.version> <httpcomponents.core.version>5.3.4</httpcomponents.core.version> <!-- note that logging will be noisy and broken until we upgrade to 3.2 See https://issues.apache.org/jira/browse/JCS-232 and https://github.com/apache/commons-jcs/pull/120 --> <commons-jcs-core.version>3.2.1</commons-jcs-core.version> <aho-corasick-double-array-trie.version>1.2.3</aho-corasick-double-array-trie.version> <junit.version>4.13.2</junit.version> <hamcrest.version>3.0</hamcrest.version> <mockito-core.version>5.12.0</mockito-core.version> <jsoup.version>1.19.1</jsoup.version> <commons-compress.version>1.27.1</commons-compress.version> <org.apache.maven.shared.file-management.version>3.1.0</org.apache.maven.shared.file-management.version> <maven-plugin-testing-harness.version>3.3.0</maven-plugin-testing-harness.version> <maven-plugin-annotations.version>3.15.1</maven-plugin-annotations.version> <maven-reporting-api.version>4.0.0</maven-reporting-api.version> <org.apache.velocity.version>2.4.1</org.apache.velocity.version> <maven-dependency-tree.version>3.3.0</maven-dependency-tree.version> <org.glassfish.jakarta.json.version>2.0.1</org.glassfish.jakarta.json.version> <maven-artifact-transfer.version>0.13.1</maven-artifact-transfer.version> <maven-common-artifact-filters.version>3.4.0</maven-common-artifact-filters.version> <groovy-all.version>2.4.21</groovy-all.version> <gmavenplus-plugin.version>4.1.1</gmavenplus-plugin.version> <com.h3xstream.retirejs.core.version>3.0.4</com.h3xstream.retirejs.core.version> <jackson.version>2.18.3</jackson.version> <!--necassary for some IDEs to be able to execute test cases (Netbeans)--> <surefireArgLine /> <mock-server.version>5.15.0</mock-server.version> </properties> <distributionManagement> <snapshotRepository> <id>ossrh</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>ossrh</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> </repository> <site> <id>gh-pages</id> <name>gh-pages</name> <url>https://dependency-check.github.io/DependencyCheck/</url> </site> </distributionManagement> <build> <defaultGoal>clean install</defaultGoal> <pluginManagement> <plugins> <plugin> <groupId>org.jsonschema2pojo</groupId> <artifactId>jsonschema2pojo-maven-plugin</artifactId> <version>1.2.2</version> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>appassembler-maven-plugin</artifactId> <version>2.1.0</version> </plugin> <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> <version>${jacoco-maven-plugin.version}</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-assembly-plugin</artifactId> <version>3.7.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-clean-plugin</artifactId> <version>3.4.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.14.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>${maven-dependency-plugin.version}</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-artifact-plugin</artifactId> <version>3.6.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <version>3.5.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> <version>3.1.4</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-failsafe-plugin</artifactId> <version>3.5.3</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>3.2.7</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-install-plugin</artifactId> <version>3.1.4</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jar-plugin</artifactId> <version>3.4.2</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>3.1.1</version> </plugin> <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.7.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>3.3.1</version> <dependencies> <dependency> <groupId>org.owasp.maven-tools</groupId> <artifactId>velocity-whitespace-resource-filter</artifactId> <version>2.0.0</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-site-plugin</artifactId> <version>3.21.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>3.5.3</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-antrun-plugin</artifactId> <version>3.1.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <version>3.3.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>${maven-javadoc-plugin.version}</version> <configuration> <tags> <!-- see https://openjdk.org/jeps/8068562#Implementation the apiNote / implNote / implSpec need to be supplied to javadoc tool when used --> <tag> <name>implNote</name> <placement>a</placement> <head>Implementation Note:</head> </tag> </tags> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <version>${reporting.checkstyle-plugin.version}</version> <dependencies> <dependency> <groupId>com.puppycrawl.tools</groupId> <artifactId>checkstyle</artifactId> <version>${reporting.checkstyle.tool.version}</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-invoker-plugin</artifactId> <version>3.9.0</version> <dependencies> <dependency> <groupId>org.codehaus.groovy</groupId> <artifactId>groovy-all</artifactId> <version>${groovy-all.version}</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.codehaus.gmavenplus</groupId> <artifactId>gmavenplus-plugin</artifactId> <version>${gmavenplus-plugin.version}</version> <dependencies> <dependency> <groupId>org.codehaus.groovy</groupId> <artifactId>groovy-all</artifactId> <version>${groovy-all.version}</version> <scope>runtime</scope> </dependency> </dependencies> </plugin> </plugins> </pluginManagement> <plugins> <plugin> <groupId>org.codehaus.gmavenplus</groupId> <artifactId>gmavenplus-plugin</artifactId> <dependencies> <dependency> <groupId>org.codehaus.groovy</groupId> <artifactId>groovy-all</artifactId> <version>${groovy-all.version}</version> <scope>runtime</scope> </dependency> </dependencies> <executions> <execution> <id>add-dynamic-properties-clean</id> <phase>pre-clean</phase> <goals> <goal>execute</goal> </goals> <configuration> <scripts> <script><![CDATA[ if ("dependency-check-parent".equals("${project.artifactId}")) { relConfig = "src/main/config" } else { relConfig = "../src/main/config" } project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString() ]]></script> </scripts> </configuration> </execution> <execution> <id>add-dynamic-properties-init</id> <phase>initialize</phase> <goals> <goal>execute</goal> </goals> <configuration> <scripts> <script><![CDATA[ if ("dependency-check-parent".equals("${project.artifactId}")) { relConfig = "src/main/config" } else { relConfig = "../src/main/config" } project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString() ]]></script> </scripts> </configuration> </execution> <execution> <id>add-dynamic-properties-site</id> <phase>pre-site</phase> <goals> <goal>execute</goal> </goals> <configuration> <scripts> <script><![CDATA[ if ("dependency-check-parent".equals("${project.artifactId}")) { relConfig = "src/main/config" } else { relConfig = "../src/main/config" } project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString() ]]></script> </scripts> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <showDeprecation>true</showDeprecation> <compilerArgs> <arg>-Xlint</arg> </compilerArgs> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jar-plugin</artifactId> <configuration> <archive> <manifest> <addDefaultImplementationEntries>true</addDefaultImplementationEntries> </manifest> </archive> <excludes> <exclude>**/checkstyle*</exclude> </excludes> </configuration> </plugin> <plugin> <groupId>pl.project13.maven</groupId> <artifactId>git-commit-id-plugin</artifactId> <version>4.9.10</version> <executions> <execution> <id>git-info</id> <goals> <goal>revision</goal> </goals> <phase>initialize</phase> </execution> </executions> <configuration> <failOnNoGitDirectory>false</failOnNoGitDirectory> <dateFormat>yyyy-MM-dd'T'HH:mm:ss'Z'</dateFormat> <dateFormatTimeZone>Zulu</dateFormatTimeZone> <generateGitPropertiesFile>true</generateGitPropertiesFile> <gitDescribe> <tags>true</tags> </gitDescribe> <commitIdGenerationMode>full</commitIdGenerationMode> <excludeProperties> <excludeProperty>git.build.time</excludeProperty> <excludeProperty>git.build.user.*</excludeProperty> <excludeProperty>git.build.host</excludeProperty> <excludeProperty>git.commit.user.*</excludeProperty> <excludeProperty>git.tags</excludeProperty> <excludeProperty>git.total.commit.count</excludeProperty> </excludeProperties> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-artifact-plugin</artifactId> <version>3.6.0</version> <executions> <execution> <goals> <goal>buildinfo</goal> </goals> <phase>verify</phase> <configuration> <outputTimestamp>${git.commit.time}</outputTimestamp> <reproducible>true</reproducible> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>${maven-javadoc-plugin.version}</version> <configuration> <failOnError>false</failOnError> <bottom>Copyright© 2012-21 Jeremy Long. All Rights Reserved.</bottom> <sourceFileExcludes> <exclude>**/generated-sources/**/*.java</exclude> </sourceFileExcludes> <detectJavaApiLink>false</detectJavaApiLink> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <dependencies> <dependency> <groupId>org.owasp.maven.enforcer</groupId> <artifactId>class-file-format-rule</artifactId> <version>2.0.0</version> </dependency> </dependencies> <inherited>true</inherited> <executions> <execution> <id>enforce-java</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <requireJavaVersion> <version>1.8.0</version> </requireJavaVersion> </rules> </configuration> </execution> <execution> <id>enforce-classfileformat</id> <configuration> <rules> <byteCodeRule implementation="org.owasp.maven.enforcer.rule.ClassFileFormatRule"> <supportedClassFileFormat>55</supportedClassFileFormat> </byteCodeRule> </rules> </configuration> <goals> <goal>enforce</goal> </goals> </execution> <execution> <id>enforce-maven-3</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <requireMavenVersion> <version>[3.1,]</version> </requireMavenVersion> </rules> <fail>true</fail> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> <executions> <execution> <id>pre-unit-test</id> <goals> <goal>prepare-agent</goal> </goals> <configuration> <destFile>${project.basedir}/target/jacoco.exec</destFile> <propertyName>surefireArgLine</propertyName> <append>true</append> </configuration> </execution> <execution> <id>pre-integration-test</id> <phase>pre-integration-test</phase> <goals> <goal>prepare-agent</goal> </goals> <configuration> <destFile>${project.basedir}/target/jacoco.exec</destFile> <propertyName>failsafeArgLine</propertyName> <append>true</append> </configuration> </execution> <execution> <id>pre-invoker-test</id> <phase>pre-integration-test</phase> <goals> <goal>prepare-agent</goal> </goals> <configuration> <destFile>${project.basedir}/target/jacoco.exec</destFile> <propertyName>invoker.mavenOpts</propertyName> <append>true</append> </configuration> </execution> <execution> <id>default-report</id> <goals> <goal>report</goal> </goals> <configuration> <dataFile>${project.basedir}/target/jacoco.exec</dataFile> <outputDirectory>${project.basedir}/target/jacoco-results/</outputDirectory> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <configuration> <argLine>@{surefireArgLine} -Dfile.encoding=UTF-8</argLine> <systemPropertyVariables> <data.directory>${project.build.directory}/data</data.directory> <temp.directory>${project.build.directory}/temp</temp.directory> <analyzer.assembly.dotnet.path>${odc.dotnet.path}</analyzer.assembly.dotnet.path> </systemPropertyVariables> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-failsafe-plugin</artifactId> <configuration> <argLine>@{failsafeArgLine}</argLine> <systemPropertyVariables> <data.directory>${project.build.directory}/data</data.directory> <temp.directory>${project.build.directory}/temp</temp.directory> <analyzer.assembly.dotnet.path>${odc.dotnet.path}</analyzer.assembly.dotnet.path> </systemPropertyVariables> <excludes> <exclude>**/*MySqlIT.java</exclude> </excludes> </configuration> <executions> <execution> <goals> <goal>integration-test</goal> <goal>verify</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <executions> <execution> <id>site-filtering-hack</id> <phase>pre-site</phase> <goals> <goal>copy-resources</goal> </goals> <inherited>false</inherited> <configuration> <outputDirectory>${project.build.directory}/site/</outputDirectory> <resources> <resource> <directory>src/main/site-resources/</directory> <filtering>true</filtering> </resource> </resources> <encoding>UTF-8</encoding> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-site-plugin</artifactId> <configuration> <skipDeploy>true</skipDeploy> </configuration> </plugin> <plugin> <inherited>false</inherited> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-antrun-plugin</artifactId> <version>${maven-antrun-plugin.version}</version> <executions> <execution> <id>copy-xsd</id> <phase>compile</phase> <goals> <goal>run</goal> </goals> <configuration> <target name="copy xsd to site"> <copy todir="target/site/"> <fileset dir="core/src/main/resources/schema/"> <include name="**/*.xsd" /> </fileset> </copy> </target> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <configuration> <scmCommentPrefix>build:</scmCommentPrefix> <tagNameFormat>v@{project.version}</tagNameFormat> <arguments>-Dmaven.javadoc.skip=true -DskipTests -DskipITs</arguments> <updateWorkingCopyVersions>true</updateWorkingCopyVersions> <pushChanges>false</pushChanges> </configuration> </plugin> <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> <stagingProgressTimeoutMinutes>120</stagingProgressTimeoutMinutes> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <version>${reporting.checkstyle-plugin.version}</version> <executions> <execution> <inherited>false</inherited> <phase>verify</phase> <goals> <goal>checkstyle-aggregate</goal> </goals> </execution> </executions> <configuration> <outputFile>${project.build.directory}/checkstyle-result.sarif</outputFile> <outputFileFormat>sarif</outputFileFormat> <enableRulesSummary>false</enableRulesSummary> <enableFilesSummary>false</enableFilesSummary> <excludes>**/HelpMojo.java</excludes> <configLocation>${project.basedir}/src/main/config/checkstyle-checks.xml</configLocation> <headerLocation>${project.basedir}/src/main/config/checkstyle-header.txt</headerLocation> <suppressionsLocation>${project.basedir}/src/main/config/checkstyle-suppressions.xml</suppressionsLocation> <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression> </configuration> </plugin> <plugin> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> <version>${spotbugs.maven.plugin.version}</version> <executions> <execution> <phase>verify</phase> <goals> <goal>spotbugs</goal> </goals> </execution> </executions> <configuration> <sarifOutput>true</sarifOutput> <excludeFilterFile>${odc.config}/spotbugs_excludes.xml</excludeFilterFile> </configuration> </plugin> </plugins> </build> <reporting> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>${maven-dependency-plugin.version}</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>${maven-javadoc-plugin.version}</version> <reportSets> <reportSet> <id>default</id> <reports> <report>javadoc</report> </reports> <configuration> <failOnError>false</failOnError> <bottom>Copyright© 2012-24 Jeremy Long. All Rights Reserved.</bottom> <sourceFileExcludes> <exclude>**/generated-sources/**/*.java</exclude> </sourceFileExcludes> <detectJavaApiLink>false</detectJavaApiLink> </configuration> </reportSet> </reportSets> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jxr-plugin</artifactId> <version>${maven-jxr-plugin.version}</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> <version>${reporting.checkstyle-plugin.version}</version> <configuration> <enableRulesSummary>false</enableRulesSummary> <enableFilesSummary>false</enableFilesSummary> <excludes>**/HelpMojo.java</excludes> <configLocation>${odc.config}/checkstyle-checks.xml</configLocation> <headerLocation>${odc.config}/checkstyle-header.txt</headerLocation> <suppressionsLocation>${odc.config}/checkstyle-suppressions.xml</suppressionsLocation> <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-project-info-reports-plugin</artifactId> <version>${maven-project-info-reports-plugin.version}</version> <reportSets> <reportSet> <reports> <report>summary</report> <report>issue-management </report> <report>modules</report> <report>team</report> <report>scm</report> <report>ci-management</report> <report>licenses</report> </reports> </reportSet> </reportSets> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-report-plugin</artifactId> <version>${maven-surefire-report-plugin.version}</version> <reportSets> <reportSet> <reports> <report>report-only</report> <report>failsafe-report-only</report> </reports> </reportSet> </reportSets> </plugin> <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> <version>${jacoco-maven-plugin.version}</version> <configuration> <dataFileIncludes> <dataFileInclude>${project.basedir}/target/jacoco.exec</dataFileInclude> </dataFileIncludes> </configuration> <reportSets> <reportSet> <reports> <report>report</report> </reports> </reportSet> </reportSets> </plugin> <plugin> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> <version>${spotbugs.maven.plugin.version}</version> <configuration> <excludeFilterFile>${odc.config}/spotbugs_excludes.xml</excludeFilterFile> </configuration> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>taglist-maven-plugin</artifactId> <version>${taglist-maven-plugin.version}</version> <configuration> <tagListOptions> <tagClasses> <tagClass> <displayName>Todo Work</displayName> <tags> <tag> <matchString>todo</matchString> <matchType>ignoreCase</matchType> </tag> <tag> <matchString>FIXME</matchString> <matchType>exact</matchType> </tag> </tags> </tagClass> </tagClasses> </tagListOptions> </configuration> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> <version>${versions-maven-plugin.version}</version> <reportSets> <reportSet> <reports> <report>dependency-updates-report</report> <report>plugin-updates-report</report> </reports> </reportSet> </reportSets> </plugin> </plugins> </reporting> <dependencyManagement> <dependencies> <dependency> <groupId>io.github.jeremylong</groupId> <artifactId>open-vulnerability-clients</artifactId> <version>7.3.2</version> </dependency> <dependency> <groupId>org.anarres.jdiagnostics</groupId> <artifactId>jdiagnostics</artifactId> <version>1.0.7</version> </dependency> <dependency> <groupId>org.mock-server</groupId> <artifactId>mockserver-core</artifactId> <version>${mock-server.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>org.mock-server</groupId> <artifactId>mockserver-client-java</artifactId> <scope>test</scope> <version>${mock-server.version}</version> </dependency> <dependency> <groupId>org.mock-server</groupId> <artifactId>mockserver-junit-rule</artifactId> <version>${mock-server.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>${mockito-core.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-jcs3-core</artifactId> <version>${commons-jcs-core.version}</version> </dependency> <dependency> <groupId>org.apache.httpcomponents.client5</groupId> <artifactId>httpclient5</artifactId> <version>${httpcomponents.client.version}</version> </dependency> <dependency> <groupId>org.apache.httpcomponents.core5</groupId> <artifactId>httpcore5</artifactId> <version>${httpcomponents.core.version}</version> </dependency> <dependency> <groupId>io.github.jeremylong</groupId> <artifactId>jcs3-slf4j</artifactId> <version>1.0.5</version> </dependency> <dependency> <groupId>commons-validator</groupId> <artifactId>commons-validator</artifactId> <version>1.9.0</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> <version>2.13.0</version> </dependency> <dependency> <groupId>com.github.package-url</groupId> <artifactId>packageurl-java</artifactId> <version>1.5.0</version> </dependency> <dependency> <groupId>us.springett</groupId> <artifactId>cpe-parser</artifactId> <version>3.0.0</version> </dependency> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-annotations</artifactId> <version>${spotbugs.version}</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>org.whitesource</groupId> <artifactId>pecoff4j</artifactId> <version>0.0.2.1</version> </dependency> <dependency> <groupId>org.semver4j</groupId> <artifactId>semver4j</artifactId> <version>5.6.0</version> </dependency> <dependency> <groupId>org.jetbrains</groupId> <artifactId>annotations</artifactId> <version>${jetbrains.annotations.version}</version> </dependency> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <version>${com.h2database.version}</version> </dependency> <dependency> <groupId>commons-cli</groupId> <artifactId>commons-cli</artifactId> <version>${commons-cli.version}</version> </dependency> <dependency><!--upgrade transitive dependency due to reported vulns--> <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-utils</artifactId> <version>4.0.2</version> </dependency> <dependency> <!-- https://github.com/codehaus-plexus/plexus-utils/blob/master/README.md for Maven 3 compatibility plexus-xml should be at version 3.x --> <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-xml</artifactId> <version>3.0.1</version> </dependency> <dependency> <groupId>com.fasterxml.jackson</groupId> <artifactId>jackson-bom</artifactId> <version>${jackson.version}</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>com.fasterxml.jackson.datatype</groupId> <artifactId>jackson-datatype-jsr310</artifactId> <version>${jackson.version}</version> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>${commons-io.version}</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> <version>${commons-lang3.version}</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-text</artifactId> <version>${commons-text.version}</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-core</artifactId> <version>${logback.version}</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> <version>${logback.version}</version> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>${junit.version}</version> <exclusions> <exclusion> <!-- deprecated coordinates, replaced by org.hamcrest:hamcrest --> <groupId>org.hamcrest</groupId> <artifactId>hamcrest-core</artifactId> </exclusion> </exclusions> <scope>test</scope> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-compress</artifactId> <version>${commons-compress.version}</version> </dependency> <dependency> <groupId>org.apache.ant</groupId> <artifactId>ant</artifactId> <version>${apache.ant.version}</version> <exclusions> <exclusion> <groupId>com.sun</groupId> <artifactId>tools</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.apache.ant</groupId> <artifactId>ant-testutil</artifactId> <version>${apache.ant.version}</version> <exclusions> <exclusion> <groupId>com.sun</groupId> <artifactId>tools</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.apache.lucene</groupId> <artifactId>lucene-analysis-common</artifactId> <version>${apache.lucene.version}</version> </dependency> <dependency> <groupId>org.apache.lucene</groupId> <artifactId>lucene-core</artifactId> <version>${apache.lucene.version}</version> </dependency> <dependency> <groupId>org.apache.lucene</groupId> <artifactId>lucene-queryparser</artifactId> <version>${apache.lucene.version}</version> </dependency> <dependency> <groupId>org.apache.lucene</groupId> <artifactId>lucene-test-framework</artifactId> <version>${apache.lucene.version}</version> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.18.0</version> </dependency> <dependency> <groupId>com.h3xstream.retirejs</groupId> <artifactId>retirejs-core</artifactId> <version>${com.h3xstream.retirejs.core.version}</version> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-core</artifactId> <version>${maven.api.version}</version> </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-shared-utils</artifactId> <version>3.4.2</version> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-plugin-api</artifactId> <version>${maven.api.version}</version> </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>file-management</artifactId> <version>${org.apache.maven.shared.file-management.version}</version> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-settings</artifactId> <version>${maven.api.version}</version> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-model</artifactId> <version>${maven.api.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-artifact</artifactId> <version>${maven.api.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-settings-builder</artifactId> <version>${maven.api.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.maven.plugin-testing</groupId> <artifactId>maven-plugin-testing-harness</artifactId> <version>${maven-plugin-testing-harness.version}</version> </dependency> <dependency> <groupId>org.apache.maven.plugin-tools</groupId> <artifactId>maven-plugin-annotations</artifactId> <version>${maven-plugin-annotations.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.maven.reporting</groupId> <artifactId>maven-reporting-api</artifactId> <version>${maven-reporting-api.version}</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> <version>4.4</version> </dependency> <dependency> <groupId>org.apache.velocity</groupId> <artifactId>velocity-engine-core</artifactId> <version>${org.apache.velocity.version}</version> </dependency> <!-- upgrading beyond 2.2 requires reworking the dependency resolution --> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-dependency-tree</artifactId> <version>${maven-dependency-tree.version}</version> </dependency> <dependency> <groupId>org.glassfish</groupId> <artifactId>jakarta.json</artifactId> <version>${org.glassfish.jakarta.json.version}</version> </dependency> <dependency> <groupId>org.hamcrest</groupId> <artifactId>hamcrest</artifactId> <version>${hamcrest.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>org.jsoup</groupId> <artifactId>jsoup</artifactId> <version>${jsoup.version}</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>${slf4j.version}</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-simple</artifactId> <version>${slf4j.version}</version> </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-artifact-transfer</artifactId> <version>${maven-artifact-transfer.version}</version> </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-common-artifact-filters</artifactId> <version>${maven-common-artifact-filters.version}</version> </dependency> <dependency> <groupId>org.apache.maven.doxia</groupId> <artifactId>doxia-sink-api</artifactId> <version>${doxia-base.version}</version> </dependency> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-annotations</artifactId> <version>${findbugs.spotbugs.version}</version> </dependency> <dependency> <groupId>org.sonatype.ossindex</groupId> <artifactId>ossindex-service-client</artifactId> <version>1.8.2</version> <exclusions> <exclusion> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> </exclusion> <exclusion> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpcore</artifactId> </exclusion> <exclusion> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> </exclusion> <exclusion> <groupId>org.slf4j</groupId> <artifactId>jcl-over-slf4j</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>33.4.6-jre</version> </dependency> <dependency> <groupId>com.hankcs</groupId> <artifactId>aho-corasick-double-array-trie</artifactId> <version>${aho-corasick-double-array-trie.version}</version> </dependency> <dependency> <groupId>org.eclipse.packager</groupId> <artifactId>packager-rpm</artifactId> <version>0.21.0</version> <exclusions> <exclusion> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> </exclusion> <exclusion> <groupId>org.bouncycastle</groupId> <artifactId>bcpg-jdk15on</artifactId> </exclusion> </exclusions> </dependency> </dependencies> </dependencyManagement> <dependencies> <!-- region generic test dependencies --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.hamcrest</groupId> <artifactId>hamcrest</artifactId> <scope>test</scope> </dependency> <!-- endregion --> <!-- region generic annotation libraries for compile / codereview relevant annotations --> <dependency> <groupId>org.jetbrains</groupId> <artifactId>annotations</artifactId> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-annotations</artifactId> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-annotations</artifactId> <scope>compile</scope> <optional>true</optional> </dependency> <!-- endregion --> </dependencies> <profiles> <profile> <id>release</id> <activation> <activeByDefault>false</activeByDefault> </activation> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>3.2.7</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> <configuration> <gpgArguments> <arg>--pinentry-mode</arg> <arg>loopback</arg> </gpgArguments> </configuration> </plugin> </plugins> </build> </profile> </profiles> </project>