alpine-parent
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>us.springett</groupId>
<artifactId>alpine-parent</artifactId>
<version>3.2.0</version>
</dependency><?xml version="1.0" encoding="UTF-8"?>
<!--
~ This file is part of Alpine.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
~ SPDX-License-Identifier: Apache-2.0
~ Copyright (c) Steve Springett. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>us.springett</groupId>
<artifactId>alpine-parent</artifactId>
<packaging>pom</packaging>
<version>3.2.0</version>
<modules>
<module>alpine-common</module>
<module>alpine-model</module>
<module>alpine-infra</module>
<module>alpine-server</module>
<module>alpine-executable-war</module>
</modules>
<name>alpine-parent</name>
<description>
An opinionated scaffolding library that jumpstarts Java projects with an API-first design,
secure defaults, and minimal dependencies.
</description>
<url>https://github.com/stevespringett/Alpine</url>
<inceptionYear>2016</inceptionYear>
<licenses>
<license>
<name>Apache-2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>Steve Springett</name>
<organizationUrl>http://stevespringett.com/</organizationUrl>
<roles>
<role>Architect</role>
<role>Developer</role>
</roles>
</developer>
</developers>
<scm>
<connection>scm:git:https://github.com/stevespringett/Alpine.git</connection>
<developerConnection>scm:git:https://github.com/stevespringett/Alpine.git</developerConnection>
<url>https://github.com/stevespringett/Alpine.git</url>
<tag>alpine-parent-3.2.0</tag>
</scm>
<issueManagement>
<system>GitHub</system>
<url>https://github.com/stevespringett/Alpine/issues</url>
</issueManagement>
<ciManagement>
<system>GitHub-Actions</system>
<url>https://github.com/stevespringett/Alpine/actions</url>
</ciManagement>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<properties>
<!-- Maven Build Properties -->
<maven.build.timestamp.format>yyyy-MM-dd'T'HH:mm:ss'Z'</maven.build.timestamp.format>
<maven.compiler.source>21</maven.compiler.source>
<maven.compiler.target>21</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<timestamp>${maven.build.timestamp}</timestamp>
<!-- Maven Plugin Versions -->
<maven.compiler.plugin.version>3.14.0</maven.compiler.plugin.version>
<maven.dependency.plugin.version>3.8.1</maven.dependency.plugin.version>
<maven.javadoc.plugin.version>3.11.2</maven.javadoc.plugin.version>
<maven.site.plugin.version>3.12.1</maven.site.plugin.version>
<maven.source.plugin.version>3.3.1</maven.source.plugin.version>
<maven.surefire.plugin.version>3.5.3</maven.surefire.plugin.version>
<maven.jar.plugin.version>3.4.2</maven.jar.plugin.version>
<maven.war.plugin.version>3.4.0</maven.war.plugin.version>
<maven.shade.plugin.version>3.6.0</maven.shade.plugin.version>
<maven.datanucleus.plugin.version>6.0.0-release</maven.datanucleus.plugin.version>
<maven.versions.plugin.version>2.18.0</maven.versions.plugin.version>
<maven.gpg.plugin.version>3.2.7</maven.gpg.plugin.version>
<maven.enforcer.plugin.version>3.5.0</maven.enforcer.plugin.version>
<maven.uuidgenerator.plugin.version>1.0.1</maven.uuidgenerator.plugin.version>
<maven.jacoco.plugin.version>0.8.12</maven.jacoco.plugin.version>
<maven.antrun.plugin.version>3.1.0</maven.antrun.plugin.version>
<maven.jarsigner.plugin.veresion>3.1.0</maven.jarsigner.plugin.veresion>
<!-- Software Security: Fortify SCA -->
<maven.fortify.plugin.version>18.20</maven.fortify.plugin.version>
<plugin.fortify.sca.debug>false</plugin.fortify.sca.debug>
<plugin.fortify.sca.verbose>false</plugin.fortify.sca.verbose>
<plugin.fortify.sca.sourcePath>${project.build.directory}/dependency-sources</plugin.fortify.sca.sourcePath>
<plugin.fortify.sca.buildId>${project.artifactId}</plugin.fortify.sca.buildId>
<plugin.fortify.sca.source.version>${maven.compiler.source}</plugin.fortify.sca.source.version>
<plugin.fortify.sca.findbugs>false</plugin.fortify.sca.findbugs>
<!-- Sonatype OSS Index -->
<maven.ossindex.plugin.version>3.2.0</maven.ossindex.plugin.version>
<plugin.ossindex.authId>ossindex</plugin.ossindex.authId>
<plugin.ossindex.cvssScoreThreshold>0.0</plugin.ossindex.cvssScoreThreshold>
<plugin.ossindex.excludeCoordinatesCsv />
<plugin.ossindex.excludeVulnerabilityIdsCsv />
<plugin.ossindex.fail>true</plugin.ossindex.fail>
<plugin.ossindex.reportFile>${project.build.directory}/ossindex.json</plugin.ossindex.reportFile>
<plugin.ossindex.scope>compile</plugin.ossindex.scope>
<plugin.ossindex.skip>false</plugin.ossindex.skip>
<plugin.ossindex.transitive>true</plugin.ossindex.transitive>
<!-- Software Security: Retire.js -->
<maven.retirejs.plugin.version>3.0.4</maven.retirejs.plugin.version>
<plugin.retirejs.breakOnFailure>true</plugin.retirejs.breakOnFailure>
<plugin.retirejs.webAppDir>${project.build.sourceDirectory}/../webapp</plugin.retirejs.webAppDir>
<plugin.retirejs.detail>true</plugin.retirejs.detail>
<plugin.retirejs.indentSize>4</plugin.retirejs.indentSize>
<!-- CycloneDX SBOM Creation -->
<maven.cyclonedx.plugin.version>2.9.1</maven.cyclonedx.plugin.version>
<plugin.cyclonedx.projectType>framework</plugin.cyclonedx.projectType>
<plugin.cyclonedx.schemaVersion>1.4</plugin.cyclonedx.schemaVersion>
<plugin.cyclonedx.outputFormat>all</plugin.cyclonedx.outputFormat>
<plugin.cyclonedx.includeCompileScope>true</plugin.cyclonedx.includeCompileScope>
<plugin.cyclonedx.includeProvidedScope>true</plugin.cyclonedx.includeProvidedScope>
<plugin.cyclonedx.includeRuntimeScope>true</plugin.cyclonedx.includeRuntimeScope>
<plugin.cyclonedx.includeSystemScope>true</plugin.cyclonedx.includeSystemScope>
<plugin.cyclonedx.includeTestScope>false</plugin.cyclonedx.includeTestScope>
<plugin.cyclonedx.includeLicenseText>false</plugin.cyclonedx.includeLicenseText>
<plugin.cyclonedx.outputReactorProjects>true</plugin.cyclonedx.outputReactorProjects>
<!-- Dependency Versions -->
<lib.alpine.executable.war.version>3.2.0</lib.alpine.executable.war.version>
<lib.angus-mail.version>2.0.3</lib.angus-mail.version>
<lib.bcrypt.version>0.4</lib.bcrypt.version>
<lib.caffeine.version>3.2.0</lib.caffeine.version>
<lib.commons.collections4.version>4.4</lib.commons.collections4.version>
<lib.commons.io.version>2.18.0</lib.commons.io.version>
<lib.commons.lang3.version>3.17.0</lib.commons.lang3.version>
<lib.datanucleus-api-jdo.version>6.0.4</lib.datanucleus-api-jdo.version>
<lib.datanucleus.version>6.0.10</lib.datanucleus.version>
<lib.datanucleus-rdbms.version>6.0.9</lib.datanucleus-rdbms.version>
<lib.h2.version>2.3.232</lib.h2.version>
<lib.hikaricp.version>6.3.0</lib.hikaricp.version>
<lib.javassist.version>3.30.2-GA</lib.javassist.version>
<lib.jackson.version>2.18.3</lib.jackson.version>
<lib.jackson-databind.version>2.18.3</lib.jackson-databind.version>
<lib.jakarta-json-api.version>2.1.3</lib.jakarta-json-api.version>
<lib.jakarta-mail-api.version>2.1.3</lib.jakarta-mail-api.version>
<lib.jakarta-servlet-api.version>6.1.0</lib.jakarta-servlet-api.version>
<lib.jakarta-xml-bind-api.version>4.0.2</lib.jakarta-xml-bind-api.version>
<lib.jaxb-runtime.version>4.0.5</lib.jaxb-runtime.version>
<lib.jdo.api.version>3.2.1</lib.jdo.api.version>
<lib.jersey.version>3.1.10</lib.jersey.version>
<lib.json-unit.version>4.1.0</lib.json-unit.version>
<lib.jsonwebtoken.version>0.12.6</lib.jsonwebtoken.version>
<lib.jsr305.version>3.0.2</lib.jsr305.version>
<lib.logback.version>1.5.18</lib.logback.version>
<lib.logstash-logback-encoder.version>8.0</lib.logstash-logback-encoder.version>
<lib.micrometer.version>1.14.5</lib.micrometer.version>
<lib.microprofile-health-api.version>4.0.1</lib.microprofile-health-api.version>
<lib.nimbus-oauth2-oidc-sdk.version>11.23.1</lib.nimbus-oauth2-oidc-sdk.version>
<lib.owasp.encoder.version>1.3.1</lib.owasp.encoder.version>
<lib.owasp.security-logging.version>1.1.7</lib.owasp.security-logging.version>
<lib.parsson.version>1.1.7</lib.parsson.version>
<lib.slf4j.version>2.0.17</lib.slf4j.version>
<lib.swagger.version>2.2.29</lib.swagger.version>
<!-- Unit test libraries -->
<lib.junit-jupiter.version>5.11.4</lib.junit-jupiter.version>
<lib.junit-pioneer.version>2.3.0</lib.junit-pioneer.version>
<lib.mockito.version>5.16.1</lib.mockito.version>
<lib.assertj.version>3.27.3</lib.assertj.version>
<lib.wiremock.version>2.35.2</lib.wiremock.version>
<war-embedded-finalname>${project.build.finalName}</war-embedded-finalname>
<!-- Logback configuration - Used for Embedded Jetty profile -->
<logback.configuration.file>${project.build.directory}/classes/logback.xml</logback.configuration.file>
</properties>
<dependencyManagement>
<dependencies>
<!-- Misc helper libraries -->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${lib.commons.io.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${lib.commons.lang3.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>${lib.commons.collections4.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-client</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<!-- Server architecture -->
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>${lib.jakarta-servlet-api.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-json-jackson</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-multipart</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.ext</groupId>
<artifactId>jersey-bean-validation</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
<artifactId>jersey-hk2</artifactId>
<version>${lib.jersey.version}</version>
</dependency>
<!-- JAXB -->
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>${lib.jakarta-xml-bind-api.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${lib.jaxb-runtime.version}</version>
</dependency>
<!-- JSON API specification and default implementation -->
<dependency>
<groupId>jakarta.json</groupId>
<artifactId>jakarta.json-api</artifactId>
<version>${lib.jakarta-json-api.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.parsson</groupId>
<artifactId>jakarta.json</artifactId>
<version>${lib.parsson.version}</version>
</dependency>
<!-- OpenAPI -->
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-annotations-jakarta</artifactId>
<version>${lib.swagger.version}</version>
</dependency>
<!-- Persistence -->
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>javax.jdo</artifactId>
<version>${lib.jdo.api.version}</version>
</dependency>
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-api-jdo</artifactId>
<version>${lib.datanucleus-api-jdo.version}</version>
</dependency>
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-core</artifactId>
<version>${lib.datanucleus.version}</version>
</dependency>
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-rdbms</artifactId>
<version>${lib.datanucleus-rdbms.version}</version>
</dependency>
<!--
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-jdo-query</artifactId>
<version>${lib.datanucleus-jdo-query.version}</version>
</dependency>
-->
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
<version>${lib.hikaricp.version}</version>
</dependency>
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>${lib.javassist.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>${lib.h2.version}</version>
</dependency>
<!-- Authentication and Authorization -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${lib.jsonwebtoken.version}</version>
</dependency>
<dependency>
<groupId>org.mindrot</groupId>
<artifactId>jbcrypt</artifactId>
<version>${lib.bcrypt.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
<version>${lib.nimbus-oauth2-oidc-sdk.version}</version>
</dependency>
<!-- JAX-RS JSON -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${lib.jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${lib.jackson-databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${lib.jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jakarta.rs</groupId>
<artifactId>jackson-jakarta-rs-base</artifactId>
<version>${lib.jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jakarta.rs</groupId>
<artifactId>jackson-jakarta-rs-json-provider</artifactId>
<version>${lib.jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jdk8</artifactId>
<version>${lib.jackson.version}</version>
</dependency>
<!-- Metrics -->
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<version>${lib.micrometer.version}</version>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus-simpleclient</artifactId>
<version>${lib.micrometer.version}</version>
</dependency>
<!-- Health -->
<dependency>
<groupId>org.eclipse.microprofile.health</groupId>
<artifactId>microprofile-health-api</artifactId>
<version>${lib.microprofile-health-api.version}</version>
</dependency>
<!-- Logging -->
<!-- Overriding OWASP Security Logging dependencies with newer versions -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${lib.slf4j.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${lib.logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${lib.logback.version}</version>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-common</artifactId>
<version>${lib.owasp.security-logging.version}</version>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
<version>${lib.owasp.security-logging.version}</version>
</dependency>
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>${lib.logstash-logback-encoder.version}</version>
</dependency>
<!-- XSS prevention -->
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>${lib.owasp.encoder.version}</version>
</dependency>
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder-jsp</artifactId>
<version>${lib.owasp.encoder.version}</version>
</dependency>
<!-- JavaMail API -->
<dependency>
<groupId>jakarta.mail</groupId>
<artifactId>jakarta.mail-api</artifactId>
<version>${lib.jakarta-mail-api.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.angus</groupId>
<artifactId>angus-mail</artifactId>
<version>${lib.angus-mail.version}</version>
</dependency>
<!-- Quality -->
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>${lib.jsr305.version}</version>
</dependency>
<!-- Object cache -->
<dependency>
<groupId>com.github.ben-manes.caffeine</groupId>
<artifactId>caffeine</artifactId>
<version>${lib.caffeine.version}</version>
</dependency>
<!-- Unit Tests -->
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>${lib.junit-jupiter.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit-pioneer</groupId>
<artifactId>junit-pioneer</artifactId>
<version>${lib.junit-pioneer.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-grizzly2</artifactId>
<version>${lib.jersey.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${lib.mockito.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>${lib.assertj.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.javacrumbs.json-unit</groupId>
<artifactId>json-unit-assertj</artifactId>
<version>${lib.json-unit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8-standalone</artifactId>
<version>${lib.wiremock.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
</dependencyManagement>
<prerequisites>
<maven>3.6.0</maven>
</prerequisites>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-maven-plugin</artifactId>
<version>${maven.datanucleus.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>${maven.jarsigner.plugin.veresion}</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven.compiler.plugin.version}</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
<compilerArgs>
<arg>-Xlint:all</arg>
<arg>-Xlint:-processing</arg>
<arg>-Xlint:-serial</arg>
<!-- <arg>-Werror</arg> -->
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven.surefire.plugin.version}</version>
<configuration>
<argLine>@{argLine} --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED</argLine>
<reuseForks>false</reuseForks>
<forkCount>1</forkCount>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>${maven.jar.plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>${maven.war.plugin.version}</version>
</plugin>
<plugin>
<groupId>us.springett</groupId>
<artifactId>maven-uuid-generator</artifactId>
<version>${maven.uuidgenerator.plugin.version}</version>
<executions>
<execution>
<id>generate-uuid</id>
<phase>initialize</phase>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>${maven.cyclonedx.plugin.version}</version>
<executions>
<execution>
<id>cyclonedx-aggregate</id>
<phase>prepare-package</phase>
<goals>
<goal>makeAggregateBom</goal>
</goals>
</execution>
</executions>
<configuration>
<projectType>${plugin.cyclonedx.projectType}</projectType>
<schemaVersion>${plugin.cyclonedx.schemaVersion}</schemaVersion>
<includeCompileScope>${plugin.cyclonedx.includeCompileScope}</includeCompileScope>
<includeProvidedScope>${plugin.cyclonedx.includeProvidedScope}</includeProvidedScope>
<includeRuntimeScope>${plugin.cyclonedx.includeRuntimeScope}</includeRuntimeScope>
<includeSystemScope>${plugin.cyclonedx.includeSystemScope}</includeSystemScope>
<includeTestScope>${plugin.cyclonedx.includeTestScope}</includeTestScope>
<includeLicenseText>${plugin.cyclonedx.includeLicenseText}</includeLicenseText>
<outputReactorProjects>${plugin.cyclonedx.outputReactorProjects}</outputReactorProjects>
<outputFormat>${plugin.cyclonedx.outputFormat}</outputFormat>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven.javadoc.plugin.version}</version>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>${maven.source.plugin.version}</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${maven.jacoco.plugin.version}</version>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<phase>prepare-package</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
<execution>
<id>post-unit-test</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
<configuration>
<!-- Sets the path to the file which contains the execution data. -->
<dataFile>target/jacoco.exec</dataFile>
<!-- Sets the output directory for the code coverage report. -->
<outputDirectory>target/jacoco-ut</outputDirectory>
</configuration>
</execution>
</executions>
<configuration>
<destFile>target/jacoco.exec</destFile>
</configuration>
</plugin>
</plugins>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
</resource>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<includes>
<include>alpine.version</include>
<include>application.properties</include>
</includes>
</resource>
</resources>
</build>
<profiles>
<profile>
<id>enhance</id>
<build>
<plugins>
<plugin>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-maven-plugin</artifactId>
<configuration>
<api>JDO</api>
<persistenceUnitName>Alpine</persistenceUnitName>
<verbose>true</verbose>
<fork>false</fork>
</configuration>
<executions>
<execution>
<phase>process-classes</phase>
<goals>
<goal>enhance</goal>
</goals>
</execution>
</executions>
<dependencies>
<!--
The DataNucleus Enhancer still depends on SLF4J 1.x and will
fail if that version is not present.
-->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.36</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>fortify</id>
<!-- Only activate this profile if you're a Fortify customer, have the required
Fortify Maven plugin installed, and SCA installed and configured. -->
<activation>
<property>
<name>env.ACTIVATE_FORTIFY</name>
<value>true</value>
</property>
</activation>
<build>
<defaultGoal>process-classes</defaultGoal>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven.dependency.plugin.version}</version>
<executions>
<execution>
<id>src-dependencies</id>
<phase>process-sources</phase>
<goals>
<goal>unpack-dependencies</goal>
</goals>
<configuration>
<classifier>sources</classifier>
<includeScope>compile</includeScope>
<failOnMissingClassifierArtifact>false</failOnMissingClassifierArtifact>
<outputDirectory>${plugin.fortify.sca.sourcePath}</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.fortify.sca.plugins.maven</groupId>
<artifactId>sca-maven-plugin</artifactId>
<version>${maven.fortify.plugin.version}</version>
<configuration>
<buildId>${plugin.fortify.sca.buildId}</buildId>
<sourcePath>${plugin.fortify.sca.sourcePath}</sourcePath>
<debug>${plugin.fortify.sca.debug}</debug>
<verbose>${plugin.fortify.sca.verbose}</verbose>
<source>${plugin.fortify.sca.source.version}</source>
<findbugs>${plugin.fortify.sca.findbugs}</findbugs>
</configuration>
<executions>
<execution>
<id>sca-clean</id>
<phase>clean</phase>
<goals>
<goal>clean</goal>
</goals>
</execution>
<execution>
<id>sca-translate</id>
<phase>process-classes</phase>
<goals>
<goal>translate</goal>
</goals>
</execution>
<execution>
<id>sca-scan</id>
<phase>package</phase>
<goals>
<goal>scan</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>component-analysis</id>
<!-- Activate this profile to check third-party components for known vulnerabilities
using Sonatype OSS Index and Retire.js. -->
<activation>
<property>
<name>env.ACTIVATE_COMPONENT_ANALYSIS</name>
<value>true</value>
</property>
</activation>
<build>
<defaultGoal>package</defaultGoal>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<version>${maven.ossindex.plugin.version}</version>
<configuration>
<authId>${plugin.ossindex.authId}</authId>
<cvssScoreThreshold>${plugin.ossindex.cvssScoreThreshold}</cvssScoreThreshold>
<excludeCoordinatesCsv>${plugin.ossindex.excludeCoordinatesCsv}</excludeCoordinatesCsv>
<excludeVulnerabilityIdsCsv>${plugin.ossindex.excludeVulnerabilityIdsCsv}</excludeVulnerabilityIdsCsv>
<fail>${plugin.ossindex.fail}</fail>
<reportFile>${plugin.ossindex.reportFile}</reportFile>
<scope>${plugin.ossindex.scope}</scope>
<skip>${plugin.ossindex.skip}</skip>
<transitive>${plugin.ossindex.transitive}</transitive>
</configuration>
<executions>
<execution>
<id>audit-dependencies</id>
<phase>validate</phase>
<goals>
<goal>audit</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>${maven.versions.plugin.version}</version>
<inherited>true</inherited>
<executions>
<execution>
<id>maven-versions</id>
<phase>test</phase>
<goals>
<goal>display-dependency-updates</goal>
<goal>display-plugin-updates</goal>
<goal>display-property-updates</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven.dependency.plugin.version}</version>
<executions>
<execution>
<id>tree-dependencies</id>
<phase>test</phase>
<goals>
<goal>analyze-only</goal>
<goal>tree</goal>
</goals>
<configuration>
<outputFile>${project.build.directory}/dependency-tree.txt</outputFile>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.h3xstream.retirejs</groupId>
<artifactId>retirejs-maven-plugin</artifactId>
<version>${maven.retirejs.plugin.version}</version>
<configuration>
<breakOnFailure>${plugin.retirejs.breakOnFailure}</breakOnFailure>
<webAppDirectory>${plugin.retirejs.webAppDir}</webAppDirectory>
<detail>${plugin.retirejs.detail}</detail>
<indentSize>${plugin.retirejs.indentSize}</indentSize>
</configuration>
<executions>
<execution>
<id>retire-js</id>
<phase>test</phase>
<goals>
<goal>scan</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<version>${maven.ossindex.plugin.version}</version>
<configuration>
<authId>${plugin.ossindex.authId}</authId>
<cvssScoreThreshold>${plugin.ossindex.cvssScoreThreshold}</cvssScoreThreshold>
<excludeCoordinatesCsv>${plugin.ossindex.excludeCoordinatesCsv}</excludeCoordinatesCsv>
<excludeVulnerabilityIdsCsv>${plugin.ossindex.excludeVulnerabilityIdsCsv}</excludeVulnerabilityIdsCsv>
<fail>${plugin.ossindex.fail}</fail>
<reportFile>${plugin.ossindex.reportFile}</reportFile>
<scope>${plugin.ossindex.scope}</scope>
<skip>${plugin.ossindex.skip}</skip>
<transitive>${plugin.ossindex.transitive}</transitive>
</configuration>
<executions>
<execution>
<id>audit-dependencies</id>
<phase>test</phase>
<goals>
<goal>audit</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>embedded-jetty</id>
<activation>
<property>
<name>env.ACTIVATE_EMBEDDED_JETTY</name>
<value>true</value>
</property>
</activation>
<dependencies>
<!-- Executable WAR with embedded Jetty -->
<dependency>
<groupId>us.springett</groupId>
<artifactId>alpine-executable-war</artifactId>
<version>${lib.alpine.executable.war.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-common</artifactId>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
</dependency>
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
</dependencies>
<build>
<defaultGoal>package</defaultGoal>
<plugins>
<plugin>
<groupId>com.coderplus.maven.plugins</groupId>
<artifactId>copy-rename-maven-plugin</artifactId>
<version>1.0.1</version>
<executions>
<execution>
<id>copy-and-rename-file</id>
<phase>compile</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<sourceFile>${logback.configuration.file}</sourceFile>
<destinationFile>${project.build.directory}/${project.build.finalName}/logback.xml</destinationFile>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>${maven.war.plugin.version}</version>
<configuration>
<warName>${war-embedded-finalname}</warName>
<archive>
<manifest>
<mainClass>alpine.embedded.EmbeddedJettyServer</mainClass>
</manifest>
</archive>
<packagingExcludes>WEB-INF/lib/executable-war-*.jar</packagingExcludes>
<dependentWarExcludes>WEB-INF/lib/*log4j*.jar,WEB-INF/lib/*slf4j*.jar</dependentWarExcludes>
<overlays>
<overlay>
<groupId>us.springett</groupId>
<artifactId>alpine-executable-war</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>org.owasp</groupId>
<artifactId>security-logging-common</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<type>jar</type>
</overlay>
<overlay>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<type>jar</type>
</overlay>
</overlays>
</configuration>
</plugin>
<!-- Not ideal to include Ant, however, after trying copy-rename-maven-plugin, the resulting
executable war always had DEBUG logging on when executed. Really odd behavior. Using the Move
target within Ant seems to work fine without the weird logging issue in the resulting jar. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<version>${maven.antrun.plugin.version}</version>
<executions>
<execution>
<id>rename-war-file</id>
<phase>package</phase>
<configuration>
<target>
<move file="${project.build.directory}/${war-embedded-finalname}.war" tofile="${project.build.directory}/${war-embedded-finalname}.jar" />
</target>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>release</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${maven.enforcer.plugin.version}</version>
<executions>
<execution>
<id>enforce-java</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>${maven.compiler.target}</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${maven.gpg.plugin.version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>