sonar-zap-plugin
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>org.sonarsource.owasp</groupId>
<artifactId>sonar-zap-plugin</artifactId>
<version>2.3.0</version>
</dependency><?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.sonarsource.owasp</groupId>
<artifactId>sonar-zap-plugin</artifactId>
<version>2.3.0</version>
<packaging>sonar-plugin</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<license.owner>Gene Gotimer</license.owner>
<license.mailto>eugene.gotimer@steampunk.com</license.mailto>
<sonar.apiVersion>7.9.6</sonar.apiVersion>
<sonar.pluginClass>org.sonar.zaproxy.ZapPlugin</sonar.pluginClass>
<sonar.packaging.maven.plugin.version>1.20.0.405</sonar.packaging.maven.plugin.version>
<sonar.zaproxy.reportPath>${project.basedir}/src/test/resources/report/dvwa.xml</sonar.zaproxy.reportPath>
<sonar.zaproxy.htmlReportPath>${project.basedir}/src/test/resources/report/dvwa.html</sonar.zaproxy.htmlReportPath>
<docker.sonarqube>sonarqube:lts</docker.sonarqube>
<java.version>1.8</java.version>
<maven.version>3.5.4</maven.version>
<pmd.cpd.minimumTokens>50</pmd.cpd.minimumTokens>
<maven.clean.plugin.version>3.1.0</maven.clean.plugin.version>
<maven.resources.plugin.version>3.2.0</maven.resources.plugin.version>
<maven.compiler.plugin.version>3.8.1</maven.compiler.plugin.version>
<maven.surefire.plugin.version>2.22.2</maven.surefire.plugin.version>
<jacoco.maven.plugin.version>0.8.6</jacoco.maven.plugin.version>
<maven.jar.plugin.version>3.2.0</maven.jar.plugin.version>
<maven.install.plugin.version>2.5.2</maven.install.plugin.version>
<maven.deploy.plugin.version>2.8.2</maven.deploy.plugin.version>
<maven.release.plugin.version>2.5.3</maven.release.plugin.version>
<maven.checkstyle.plugin.version>3.1.1</maven.checkstyle.plugin.version>
<spotbugs.maven.plugin.version>4.1.4</spotbugs.maven.plugin.version>
<maven.pmd.plugin.version>3.13.0</maven.pmd.plugin.version>
<maven.enforcer.plugin.version>3.0.0-M3</maven.enforcer.plugin.version>
<native2ascii.maven.plugin.version>2.0.1</native2ascii.maven.plugin.version>
<maven.gpg.plugin.version>1.6</maven.gpg.plugin.version>
<nexus.staging.maven.plugin.version>1.6.8</nexus.staging.maven.plugin.version>
<maven.site.plugin.version>3.9.1</maven.site.plugin.version>
<maven.dependency.plugin.version>3.1.2</maven.dependency.plugin.version>
<maven.source.plugin.version>3.2.1</maven.source.plugin.version>
<maven.javadoc.plugin.version>3.2.0</maven.javadoc.plugin.version>
<lint.maven.plugin.version>0.0.11</lint.maven.plugin.version>
<pitest.maven.version>1.5.2</pitest.maven.version>
<pitest.junit5.plugin.version>0.14</pitest.junit5.plugin.version>
<license.maven.plugin.version>2.0.0</license.maven.plugin.version>
<docker.maven.plugin.version>0.34.1</docker.maven.plugin.version>
<frontend.maven.plugin.version>1.11.0</frontend.maven.plugin.version>
<commons.lang3.version>3.12.0</commons.lang3.version>
<jsr305.version>3.0.2</jsr305.version>
<staxmate.version>2.4.0</staxmate.version>
<junit.version>5.7.2</junit.version>
<assertj.version>3.19.0</assertj.version>
<mockito.version>3.10.0</mockito.version>
<nodejs.version>v14.15.3</nodejs.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api</artifactId>
<version>${sonar.apiVersion}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${commons.lang3.version}</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>${jsr305.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.staxmate</groupId>
<artifactId>staxmate</artifactId>
<version>${staxmate.version}</version>
</dependency>
<!-- unit tests -->
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>${assertj.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.staxmate</groupId>
<artifactId>staxmate</artifactId>
</dependency>
<!-- unit tests -->
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${maven.enforcer.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>${maven.clean.plugin.version}</version>
<configuration>
<filesets>
<fileset>
<directory>node</directory>
</fileset>
<fileset>
<directory>node_modules</directory>
</fileset>
</filesets>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>${maven.resources.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven.compiler.plugin.version}</version>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
<compilerArgs>
<arg>-XDcompilePolicy=simple</arg>
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven.surefire.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.maven.plugin.version}</version>
<executions>
<execution>
<id>pre-unit-test</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>post-unit-test</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>${maven.jar.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>${maven.install.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>${maven.deploy.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>${maven.release.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven.checkstyle.plugin.version}</version>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs.maven.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>${maven.pmd.plugin.version}</version>
<configuration>
<targetJdk>${java.version}</targetJdk>
<minimumTokens>${pmd.cpd.minimumTokens}</minimumTokens>
<typeResolution>true</typeResolution>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven.dependency.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>${maven.source.plugin.version}</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven.javadoc.plugin.version}</version>
<configuration>
<source>${java.version}</source>
<quiet>true</quiet>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.lewisd</groupId>
<artifactId>lint-maven-plugin</artifactId>
<version>${lint.maven.plugin.version}</version>
<executions>
<execution>
<id>pom-lint</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.pitest</groupId>
<artifactId>pitest-maven</artifactId>
<version>${pitest.maven.version}</version>
<dependencies>
<dependency>
<groupId>org.pitest</groupId>
<artifactId>pitest-junit5-plugin</artifactId>
<version>${pitest.junit5.plugin.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>${maven.site.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
<artifactId>sonar-packaging-maven-plugin</artifactId>
<version>${sonar.packaging.maven.plugin.version}</version>
<extensions>true</extensions>
</plugin>
<plugin>
<!-- UTF-8 bundles are not supported by Java, so they must be converted during build -->
<groupId>org.codehaus.mojo</groupId>
<artifactId>native2ascii-maven-plugin</artifactId>
<version>${native2ascii.maven.plugin.version}</version>
<executions>
<execution>
<goals>
<goal>resources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${maven.gpg.plugin.version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>${nexus.staging.maven.plugin.version}</version>
<extensions>true</extensions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<version>${license.maven.plugin.version}</version>
<executions>
<execution>
<id>update-license</id>
<goals>
<goal>update-file-header</goal>
</goals>
<phase>process-sources</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>${docker.maven.plugin.version}</version>
</plugin>
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<version>${frontend.maven.plugin.version}</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
<artifactId>sonar-packaging-maven-plugin</artifactId>
<configuration>
<pluginClass>${sonar.pluginClass}</pluginClass>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>enforce</id>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
<configuration>
<rules>
<requireMavenVersion>
<version>${maven.version}</version>
</requireMavenVersion>
<requireJavaVersion>
<version>${java.version}</version>
</requireJavaVersion>
<requirePluginVersions/>
<dependencyConvergence/>
<requireReleaseDeps/>
<banDuplicatePomDependencyVersions/>
<requireProperty>
<property>sonar.apiVersion</property>
<message>sonar.apiVersion is required by Sonar Packaging</message>
</requireProperty>
<requireProperty>
<property>sonar.pluginClass</property>
<message>sonar.pluginClass is required by Sonar Packaging</message>
</requireProperty>
<requireProperty>
<property>project.groupId</property>
<message>project.groupId is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.artifactId</property>
<message>project.artifactId is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.version</property>
<message>project.version is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.name</property>
<message>project.name is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.description</property>
<message>project.description is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.url</property>
<message>project.url is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.licenses</property>
<message>project.licenses is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.developers</property>
<message>project.developers is required by OSSRH Central Repository</message>
</requireProperty>
<requireProperty>
<property>project.scm</property>
<message>project.scm is required by OSSRH Central Repository</message>
</requireProperty>
</rules>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<configuration>
<licenseName>gpl_v3</licenseName>
<organizationName>${license.owner} <${license.mailto}></organizationName>
<roots>
<root>src/main/java</root>
<root>src/test/java</root>
</roots>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<executions>
<execution>
<phase>generate-resources</phase>
<id>install node and npm </id>
<goals>
<goal>install-node-and-npm</goal>
</goals>
<configuration>
<nodeVersion>${nodejs.version}</nodeVersion>
</configuration>
</execution>
<execution>
<phase>generate-resources</phase>
<id>npm install</id>
<goals>
<goal>npm</goal>
</goals>
<configuration>
<arguments>install</arguments>
</configuration>
</execution>
<execution>
<phase>generate-resources</phase>
<id>npm audit</id>
<goals>
<goal>npm</goal>
</goals>
<configuration>
<arguments>audit</arguments>
</configuration>
</execution>
<execution>
<phase>generate-resources</phase>
<id>npm run script</id>
<goals>
<goal>npm</goal>
</goals>
<configuration>
<arguments>run build</arguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<name>ZAP Plugin for SonarQube</name>
<description>Integrates ZAP reports into SonarQube</description>
<url>https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project</url>
<inceptionYear>2015</inceptionYear>
<licenses>
<license>
<name>GNU LGPL 3</name>
<url>http://www.gnu.org/licenses/lgpl.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<organization>
<name>OWASP</name>
<url>http://www.owasp.org</url>
</organization>
<developers>
<developer>
<id>OtherDevOpsGene</id>
<name>Gene Gotimer</name>
<email>eugene.gotimer@steampunk.com</email>
<timezone>America/New_York</timezone>
</developer>
<developer>
<name>Steve Springett</name>
<email>steve.springett@owasp.org</email>
<url>http://www.stevespringett.com</url>
</developer>
</developers>
<contributors>
<contributor>
<name>James Pether Sörling</name>
<organization>Hack23</organization>
<organizationUrl>https://www.hack23.com/</organizationUrl>
<properties>
<github>pethers</github>
</properties>
</contributor>
<contributor>
<name>pangyiwei</name>
<properties>
<github>pangyiwei</github>
</properties>
</contributor>
<contributor>
<name>Niklas Mehner</name>
<email>niklas.mehner@gmail.com</email>
</contributor>
</contributors>
<issueManagement>
<system>GitHub</system>
<url>https://github.com/OtherDevOpsGene/zap-sonar-plugin/issues</url>
</issueManagement>
<ciManagement>
<system>Travis CI</system>
<url>https://travis-ci.org/OtherDevOpsGene/zap-sonar-plugin</url>
</ciManagement>
<scm>
<connection>scm:git:https://github.com/OtherDevOpsGene/zap-sonar-plugin.git</connection>
<developerConnection>scm:git:git@github.com:OtherDevOpsGene/zap-sonar-plugin.git</developerConnection>
<url>https://github.com/OtherDevOpsGene/zap-sonar-plugin</url>
<tag>HEAD</tag>
</scm>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<profiles>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<configuration>
<autoVersionSubmodules>true</autoVersionSubmodules>
<useReleaseProfile>false</useReleaseProfile>
<releaseProfiles>release</releaseProfiles>
<goals>deploy</goals>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>docker</id>
<activation>
<property>
<name>docker</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<executions>
<execution>
<id>default</id>
<goals>
<goal>build</goal>
</goals>
</execution>
</executions>
<configuration>
<images>
<image>
<name>${project.groupId}/%a:%l</name>
<build>
<from>${docker.sonarqube}</from>
<labels>
<maintainer>${license.mailto}</maintainer>
</labels>
<assembly>
<descriptorRef>artifact</descriptorRef>
<targetDir>/opt/sonarqube/extensions/plugins/</targetDir>
</assembly>
</build>
</image>
</images>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report