dependency-check-parent
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>12.1.1</version>
</dependency><!--
This file is part of Dependency-Check.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2012 - Jeremy Long
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>12.1.1</version>
<packaging>pom</packaging>
<modules>
<module>utils</module>
<module>core</module>
<module>cli</module>
<module>ant</module>
<module>maven</module>
<module>archetype</module>
</modules>
<name>Dependency-Check</name>
<url>https://github.com/dependency-check/DependencyCheck.git</url>
<description>dependency-check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities.</description>
<inceptionYear>2012</inceptionYear>
<organization>
<name>OWASP</name>
<url>https://www.owasp.org</url>
</organization>
<developers>
<developer>
<name>Jeremy Long</name>
<email>jeremy.long@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/</organizationUrl>
<roles>
<role>architect</role>
<role>developer</role>
</roles>
</developer>
<developer>
<name>Steve Springett</name>
<email>Steve.Springett@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/</organizationUrl>
<roles>
<role>developer</role>
</roles>
</developer>
<developer>
<name>Will Stranathan</name>
<email>Will.Stranathan@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/</organizationUrl>
<roles>
<role>developer</role>
</roles>
</developer>
<developer>
<name>Dale Visser</name>
<email>dvisser@ida.org</email>
<organization>Institute for Defense Analyses</organization>
<organizationUrl>https://www.ida.org/</organizationUrl>
<roles>
<role>developer</role>
</roles>
</developer>
</developers>
<contributors>
<contributor>
<name>Hugo Costa</name>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/</organizationUrl>
<roles>
<role>logo design</role>
</roles>
</contributor>
</contributors>
<scm>
<connection>scm:git:https://github.com/dependency-check/DependencyCheck.git</connection>
<url>https://github.com/dependency-check/DependencyCheck</url>
<developerConnection>scm:git:https://github.com/dependency-check/DependencyCheck.git</developerConnection>
<tag>v12.1.1</tag>
</scm>
<issueManagement>
<system>github</system>
<url>https://github.com/dependency-check/DependencyCheck/issues</url>
</issueManagement>
<ciManagement>
<system>github-actions</system>
<url>https://github.com/dependency-check/DependencyCheck/actions</url>
</ciManagement>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<properties>
<maven.compiler.release>11</maven.compiler.release>
<!--reproducible build-->
<project.build.outputTimestamp>2025-04-05T11:23:00Z</project.build.outputTimestamp>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<github.global.server>github</github.global.server>
<apache.lucene.version>9.12.0</apache.lucene.version>
<apache.ant.version>1.10.15</apache.ant.version>
<!-- upgrading slf4j and logback can cause issues ;) https://github.com/dependency-check/DependencyCheck/issues/4846 -->
<slf4j.version>1.7.36</slf4j.version>
<logback.version>1.2.13</logback.version>
<maven.api.version>3.6.3</maven.api.version>
<reporting.checkstyle-plugin.version>3.6.0</reporting.checkstyle-plugin.version>
<reporting.checkstyle.tool.version>9.3</reporting.checkstyle.tool.version>
<doxia-base.version>2.0.0</doxia-base.version>
<maven-antrun-plugin.version>3.1.0</maven-antrun-plugin.version>
<maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
<maven-javadoc-plugin.version>3.11.2</maven-javadoc-plugin.version>
<!-- upgrading beyond 2.5 breaks maven site-->
<maven-jxr-plugin.version>2.5</maven-jxr-plugin.version>
<maven-project-info-reports-plugin.version>3.9.0</maven-project-info-reports-plugin.version>
<maven-surefire-report-plugin.version>3.5.3</maven-surefire-report-plugin.version>
<jacoco-maven-plugin.version>0.8.13</jacoco-maven-plugin.version>
<spotbugs.version>4.9.3</spotbugs.version>
<spotbugs.maven.plugin.version>4.9.3.0</spotbugs.maven.plugin.version>
<taglist-maven-plugin.version>3.2.1</taglist-maven-plugin.version>
<versions-maven-plugin.version>2.18.0</versions-maven-plugin.version>
<jetbrains.annotations.version>26.0.2</jetbrains.annotations.version>
<findbugs.spotbugs.version>4.9.3</findbugs.spotbugs.version>
<com.h2database.version>2.3.232</com.h2database.version>
<commons-cli.version>1.9.0</commons-cli.version>
<commons-io.version>2.18.0</commons-io.version>
<commons-lang3.version>3.17.0</commons-lang3.version>
<commons-text.version>1.13.0</commons-text.version>
<httpcomponents.client.version>5.4.3</httpcomponents.client.version>
<httpcomponents.core.version>5.3.4</httpcomponents.core.version>
<!-- note that logging will be noisy and broken until we upgrade to 3.2
See https://issues.apache.org/jira/browse/JCS-232 and
https://github.com/apache/commons-jcs/pull/120 -->
<commons-jcs-core.version>3.2.1</commons-jcs-core.version>
<aho-corasick-double-array-trie.version>1.2.3</aho-corasick-double-array-trie.version>
<junit.version>4.13.2</junit.version>
<hamcrest.version>3.0</hamcrest.version>
<mockito-core.version>5.12.0</mockito-core.version>
<jsoup.version>1.19.1</jsoup.version>
<commons-compress.version>1.27.1</commons-compress.version>
<org.apache.maven.shared.file-management.version>3.1.0</org.apache.maven.shared.file-management.version>
<maven-plugin-testing-harness.version>3.3.0</maven-plugin-testing-harness.version>
<maven-plugin-annotations.version>3.15.1</maven-plugin-annotations.version>
<maven-reporting-api.version>4.0.0</maven-reporting-api.version>
<org.apache.velocity.version>2.4.1</org.apache.velocity.version>
<maven-dependency-tree.version>3.3.0</maven-dependency-tree.version>
<org.glassfish.jakarta.json.version>2.0.1</org.glassfish.jakarta.json.version>
<maven-artifact-transfer.version>0.13.1</maven-artifact-transfer.version>
<maven-common-artifact-filters.version>3.4.0</maven-common-artifact-filters.version>
<groovy-all.version>2.4.21</groovy-all.version>
<gmavenplus-plugin.version>4.1.1</gmavenplus-plugin.version>
<com.h3xstream.retirejs.core.version>3.0.4</com.h3xstream.retirejs.core.version>
<jackson.version>2.18.3</jackson.version>
<!--necassary for some IDEs to be able to execute test cases (Netbeans)-->
<surefireArgLine />
<mock-server.version>5.15.0</mock-server.version>
</properties>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
<site>
<id>gh-pages</id>
<name>gh-pages</name>
<url>https://dependency-check.github.io/DependencyCheck/</url>
</site>
</distributionManagement>
<build>
<defaultGoal>clean install</defaultGoal>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.jsonschema2pojo</groupId>
<artifactId>jsonschema2pojo-maven-plugin</artifactId>
<version>1.2.2</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>appassembler-maven-plugin</artifactId>
<version>2.1.0</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco-maven-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.7.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.4.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.14.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven-dependency-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-artifact-plugin</artifactId>
<version>3.6.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>3.5.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.2.7</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.4.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.1.1</version>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.7.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
<dependencies>
<dependency>
<groupId>org.owasp.maven-tools</groupId>
<artifactId>velocity-whitespace-resource-filter</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.21.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.5.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven-javadoc-plugin.version}</version>
<configuration>
<tags>
<!-- see https://openjdk.org/jeps/8068562#Implementation
the apiNote / implNote / implSpec
need to be supplied to javadoc tool when used
-->
<tag>
<name>implNote</name>
<placement>a</placement>
<head>Implementation Note:</head>
</tag>
</tags>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${reporting.checkstyle-plugin.version}</version>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>${reporting.checkstyle.tool.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-invoker-plugin</artifactId>
<version>3.9.0</version>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>${groovy-all.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.codehaus.gmavenplus</groupId>
<artifactId>gmavenplus-plugin</artifactId>
<version>${gmavenplus-plugin.version}</version>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>${groovy-all.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.gmavenplus</groupId>
<artifactId>gmavenplus-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>${groovy-all.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<executions>
<execution>
<id>add-dynamic-properties-clean</id>
<phase>pre-clean</phase>
<goals>
<goal>execute</goal>
</goals>
<configuration>
<scripts>
<script><![CDATA[
if ("dependency-check-parent".equals("${project.artifactId}")) {
relConfig = "src/main/config"
} else {
relConfig = "../src/main/config"
}
project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString()
]]></script>
</scripts>
</configuration>
</execution>
<execution>
<id>add-dynamic-properties-init</id>
<phase>initialize</phase>
<goals>
<goal>execute</goal>
</goals>
<configuration>
<scripts>
<script><![CDATA[
if ("dependency-check-parent".equals("${project.artifactId}")) {
relConfig = "src/main/config"
} else {
relConfig = "../src/main/config"
}
project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString()
]]></script>
</scripts>
</configuration>
</execution>
<execution>
<id>add-dynamic-properties-site</id>
<phase>pre-site</phase>
<goals>
<goal>execute</goal>
</goals>
<configuration>
<scripts>
<script><![CDATA[
if ("dependency-check-parent".equals("${project.artifactId}")) {
relConfig = "src/main/config"
} else {
relConfig = "../src/main/config"
}
project.properties['odc.config']= project.basedir.absoluteFile.toURI().resolve(relConfig).normalize().toString()
]]></script>
</scripts>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<showDeprecation>true</showDeprecation>
<compilerArgs>
<arg>-Xlint</arg>
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
</archive>
<excludes>
<exclude>**/checkstyle*</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>pl.project13.maven</groupId>
<artifactId>git-commit-id-plugin</artifactId>
<version>4.9.10</version>
<executions>
<execution>
<id>git-info</id>
<goals>
<goal>revision</goal>
</goals>
<phase>initialize</phase>
</execution>
</executions>
<configuration>
<failOnNoGitDirectory>false</failOnNoGitDirectory>
<dateFormat>yyyy-MM-dd'T'HH:mm:ss'Z'</dateFormat>
<dateFormatTimeZone>Zulu</dateFormatTimeZone>
<generateGitPropertiesFile>true</generateGitPropertiesFile>
<gitDescribe>
<tags>true</tags>
</gitDescribe>
<commitIdGenerationMode>full</commitIdGenerationMode>
<excludeProperties>
<excludeProperty>git.build.time</excludeProperty>
<excludeProperty>git.build.user.*</excludeProperty>
<excludeProperty>git.build.host</excludeProperty>
<excludeProperty>git.commit.user.*</excludeProperty>
<excludeProperty>git.tags</excludeProperty>
<excludeProperty>git.total.commit.count</excludeProperty>
</excludeProperties>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-artifact-plugin</artifactId>
<version>3.6.0</version>
<executions>
<execution>
<goals>
<goal>buildinfo</goal>
</goals>
<phase>verify</phase>
<configuration>
<outputTimestamp>${git.commit.time}</outputTimestamp>
<reproducible>true</reproducible>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven-javadoc-plugin.version}</version>
<configuration>
<failOnError>false</failOnError>
<bottom>Copyright© 2012-21 Jeremy Long. All Rights Reserved.</bottom>
<sourceFileExcludes>
<exclude>**/generated-sources/**/*.java</exclude>
</sourceFileExcludes>
<detectJavaApiLink>false</detectJavaApiLink>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.owasp.maven.enforcer</groupId>
<artifactId>class-file-format-rule</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies>
<inherited>true</inherited>
<executions>
<execution>
<id>enforce-java</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>1.8.0</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
<execution>
<id>enforce-classfileformat</id>
<configuration>
<rules>
<byteCodeRule implementation="org.owasp.maven.enforcer.rule.ClassFileFormatRule">
<supportedClassFileFormat>55</supportedClassFileFormat>
</byteCodeRule>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
<execution>
<id>enforce-maven-3</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<version>[3.1,]</version>
</requireMavenVersion>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution>
<id>pre-unit-test</id>
<goals>
<goal>prepare-agent</goal>
</goals>
<configuration>
<destFile>${project.basedir}/target/jacoco.exec</destFile>
<propertyName>surefireArgLine</propertyName>
<append>true</append>
</configuration>
</execution>
<execution>
<id>pre-integration-test</id>
<phase>pre-integration-test</phase>
<goals>
<goal>prepare-agent</goal>
</goals>
<configuration>
<destFile>${project.basedir}/target/jacoco.exec</destFile>
<propertyName>failsafeArgLine</propertyName>
<append>true</append>
</configuration>
</execution>
<execution>
<id>pre-invoker-test</id>
<phase>pre-integration-test</phase>
<goals>
<goal>prepare-agent</goal>
</goals>
<configuration>
<destFile>${project.basedir}/target/jacoco.exec</destFile>
<propertyName>invoker.mavenOpts</propertyName>
<append>true</append>
</configuration>
</execution>
<execution>
<id>default-report</id>
<goals>
<goal>report</goal>
</goals>
<configuration>
<dataFile>${project.basedir}/target/jacoco.exec</dataFile>
<outputDirectory>${project.basedir}/target/jacoco-results/</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>@{surefireArgLine} -Dfile.encoding=UTF-8</argLine>
<systemPropertyVariables>
<data.directory>${project.build.directory}/data</data.directory>
<temp.directory>${project.build.directory}/temp</temp.directory>
<analyzer.assembly.dotnet.path>${odc.dotnet.path}</analyzer.assembly.dotnet.path>
</systemPropertyVariables>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<configuration>
<argLine>@{failsafeArgLine}</argLine>
<systemPropertyVariables>
<data.directory>${project.build.directory}/data</data.directory>
<temp.directory>${project.build.directory}/temp</temp.directory>
<analyzer.assembly.dotnet.path>${odc.dotnet.path}</analyzer.assembly.dotnet.path>
</systemPropertyVariables>
<excludes>
<exclude>**/*MySqlIT.java</exclude>
</excludes>
</configuration>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>site-filtering-hack</id>
<phase>pre-site</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<inherited>false</inherited>
<configuration>
<outputDirectory>${project.build.directory}/site/</outputDirectory>
<resources>
<resource>
<directory>src/main/site-resources/</directory>
<filtering>true</filtering>
</resource>
</resources>
<encoding>UTF-8</encoding>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<configuration>
<skipDeploy>true</skipDeploy>
</configuration>
</plugin>
<plugin>
<inherited>false</inherited>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<version>${maven-antrun-plugin.version}</version>
<executions>
<execution>
<id>copy-xsd</id>
<phase>compile</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target name="copy xsd to site">
<copy todir="target/site/">
<fileset dir="core/src/main/resources/schema/">
<include name="**/*.xsd" />
</fileset>
</copy>
</target>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<configuration>
<scmCommentPrefix>build:</scmCommentPrefix>
<tagNameFormat>v@{project.version}</tagNameFormat>
<arguments>-Dmaven.javadoc.skip=true -DskipTests -DskipITs</arguments>
<updateWorkingCopyVersions>true</updateWorkingCopyVersions>
<pushChanges>false</pushChanges>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
<stagingProgressTimeoutMinutes>120</stagingProgressTimeoutMinutes>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${reporting.checkstyle-plugin.version}</version>
<executions>
<execution>
<inherited>false</inherited>
<phase>verify</phase>
<goals>
<goal>checkstyle-aggregate</goal>
</goals>
</execution>
</executions>
<configuration>
<outputFile>${project.build.directory}/checkstyle-result.sarif</outputFile>
<outputFileFormat>sarif</outputFileFormat>
<enableRulesSummary>false</enableRulesSummary>
<enableFilesSummary>false</enableFilesSummary>
<excludes>**/HelpMojo.java</excludes>
<configLocation>${project.basedir}/src/main/config/checkstyle-checks.xml</configLocation>
<headerLocation>${project.basedir}/src/main/config/checkstyle-header.txt</headerLocation>
<suppressionsLocation>${project.basedir}/src/main/config/checkstyle-suppressions.xml</suppressionsLocation>
<suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
</configuration>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs.maven.plugin.version}</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>spotbugs</goal>
</goals>
</execution>
</executions>
<configuration>
<sarifOutput>true</sarifOutput>
<excludeFilterFile>${odc.config}/spotbugs_excludes.xml</excludeFilterFile>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven-dependency-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven-javadoc-plugin.version}</version>
<reportSets>
<reportSet>
<id>default</id>
<reports>
<report>javadoc</report>
</reports>
<configuration>
<failOnError>false</failOnError>
<bottom>Copyright© 2012-24 Jeremy Long. All Rights Reserved.</bottom>
<sourceFileExcludes>
<exclude>**/generated-sources/**/*.java</exclude>
</sourceFileExcludes>
<detectJavaApiLink>false</detectJavaApiLink>
</configuration>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>${maven-jxr-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${reporting.checkstyle-plugin.version}</version>
<configuration>
<enableRulesSummary>false</enableRulesSummary>
<enableFilesSummary>false</enableFilesSummary>
<excludes>**/HelpMojo.java</excludes>
<configLocation>${odc.config}/checkstyle-checks.xml</configLocation>
<headerLocation>${odc.config}/checkstyle-header.txt</headerLocation>
<suppressionsLocation>${odc.config}/checkstyle-suppressions.xml</suppressionsLocation>
<suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>${maven-project-info-reports-plugin.version}</version>
<reportSets>
<reportSet>
<reports>
<report>summary</report>
<report>issue-management </report>
<report>modules</report>
<report>team</report>
<report>scm</report>
<report>ci-management</report>
<report>licenses</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>${maven-surefire-report-plugin.version}</version>
<reportSets>
<reportSet>
<reports>
<report>report-only</report>
<report>failsafe-report-only</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco-maven-plugin.version}</version>
<configuration>
<dataFileIncludes>
<dataFileInclude>${project.basedir}/target/jacoco.exec</dataFileInclude>
</dataFileIncludes>
</configuration>
<reportSets>
<reportSet>
<reports>
<report>report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs.maven.plugin.version}</version>
<configuration>
<excludeFilterFile>${odc.config}/spotbugs_excludes.xml</excludeFilterFile>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>taglist-maven-plugin</artifactId>
<version>${taglist-maven-plugin.version}</version>
<configuration>
<tagListOptions>
<tagClasses>
<tagClass>
<displayName>Todo Work</displayName>
<tags>
<tag>
<matchString>todo</matchString>
<matchType>ignoreCase</matchType>
</tag>
<tag>
<matchString>FIXME</matchString>
<matchType>exact</matchType>
</tag>
</tags>
</tagClass>
</tagClasses>
</tagListOptions>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>${versions-maven-plugin.version}</version>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>open-vulnerability-clients</artifactId>
<version>7.3.2</version>
</dependency>
<dependency>
<groupId>org.anarres.jdiagnostics</groupId>
<artifactId>jdiagnostics</artifactId>
<version>1.0.7</version>
</dependency>
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-core</artifactId>
<version>${mock-server.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-client-java</artifactId>
<scope>test</scope>
<version>${mock-server.version}</version>
</dependency>
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-junit-rule</artifactId>
<version>${mock-server.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${mockito-core.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-jcs3-core</artifactId>
<version>${commons-jcs-core.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>${httpcomponents.client.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<version>${httpcomponents.core.version}</version>
</dependency>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>jcs3-slf4j</artifactId>
<version>1.0.5</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>1.9.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>com.github.package-url</groupId>
<artifactId>packageurl-java</artifactId>
<version>1.5.0</version>
</dependency>
<dependency>
<groupId>us.springett</groupId>
<artifactId>cpe-parser</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>${spotbugs.version}</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.whitesource</groupId>
<artifactId>pecoff4j</artifactId>
<version>0.0.2.1</version>
</dependency>
<dependency>
<groupId>org.semver4j</groupId>
<artifactId>semver4j</artifactId>
<version>5.6.0</version>
</dependency>
<dependency>
<groupId>org.jetbrains</groupId>
<artifactId>annotations</artifactId>
<version>${jetbrains.annotations.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>${com.h2database.version}</version>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
<version>${commons-cli.version}</version>
</dependency>
<dependency><!--upgrade transitive dependency due to reported vulns-->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>4.0.2</version>
</dependency>
<dependency>
<!--
https://github.com/codehaus-plexus/plexus-utils/blob/master/README.md
for Maven 3 compatibility plexus-xml should be at version 3.x
-->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-xml</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-io.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${commons-lang3.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>${commons-text.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<exclusions>
<exclusion>
<!-- deprecated coordinates, replaced by org.hamcrest:hamcrest -->
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>${commons-compress.version}</version>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
<version>${apache.ant.version}</version>
<exclusions>
<exclusion>
<groupId>com.sun</groupId>
<artifactId>tools</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-testutil</artifactId>
<version>${apache.ant.version}</version>
<exclusions>
<exclusion>
<groupId>com.sun</groupId>
<artifactId>tools</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-analysis-common</artifactId>
<version>${apache.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>${apache.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queryparser</artifactId>
<version>${apache.lucene.version}</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-test-framework</artifactId>
<version>${apache.lucene.version}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.18.0</version>
</dependency>
<dependency>
<groupId>com.h3xstream.retirejs</groupId>
<artifactId>retirejs-core</artifactId>
<version>${com.h3xstream.retirejs.core.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
<version>${maven.api.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-shared-utils</artifactId>
<version>3.4.2</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>${maven.api.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>file-management</artifactId>
<version>${org.apache.maven.shared.file-management.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-settings</artifactId>
<version>${maven.api.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model</artifactId>
<version>${maven.api.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-artifact</artifactId>
<version>${maven.api.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-settings-builder</artifactId>
<version>${maven.api.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-testing</groupId>
<artifactId>maven-plugin-testing-harness</artifactId>
<version>${maven-plugin-testing-harness.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
<version>${maven-plugin-annotations.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven.reporting</groupId>
<artifactId>maven-reporting-api</artifactId>
<version>${maven-reporting-api.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-engine-core</artifactId>
<version>${org.apache.velocity.version}</version>
</dependency>
<!-- upgrading beyond 2.2 requires reworking the dependency resolution -->
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-dependency-tree</artifactId>
<version>${maven-dependency-tree.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>jakarta.json</artifactId>
<version>${org.glassfish.jakarta.json.version}</version>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<version>${hamcrest.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>${jsoup.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-artifact-transfer</artifactId>
<version>${maven-artifact-transfer.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-common-artifact-filters</artifactId>
<version>${maven-common-artifact-filters.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.doxia</groupId>
<artifactId>doxia-sink-api</artifactId>
<version>${doxia-base.version}</version>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>${findbugs.spotbugs.version}</version>
</dependency>
<dependency>
<groupId>org.sonatype.ossindex</groupId>
<artifactId>ossindex-service-client</artifactId>
<version>1.8.2</version>
<exclusions>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
</exclusion>
<exclusion>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.6-jre</version>
</dependency>
<dependency>
<groupId>com.hankcs</groupId>
<artifactId>aho-corasick-double-array-trie</artifactId>
<version>${aho-corasick-double-array-trie.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.packager</groupId>
<artifactId>packager-rpm</artifactId>
<version>0.21.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- region generic test dependencies -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<scope>test</scope>
</dependency>
<!-- endregion -->
<!-- region generic annotation libraries for compile / codereview relevant annotations -->
<dependency>
<groupId>org.jetbrains</groupId>
<artifactId>annotations</artifactId>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<!-- endregion -->
</dependencies>
<profiles>
<profile>
<id>release</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.2.7</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report