PHOENIX-6317 Add OWASP dependency check for connectors
Change-Id: If7344b251afb2b4a0cdf4aea008f7a9bfca2e241
diff --git a/phoenix-hive-base/phoenix5-hive/pom.xml b/phoenix-hive-base/phoenix5-hive/pom.xml
index b20184d..d8f7809 100644
--- a/phoenix-hive-base/phoenix5-hive/pom.xml
+++ b/phoenix-hive-base/phoenix5-hive/pom.xml
@@ -42,6 +42,7 @@
<hive.version>${hive3.version}</hive.version>
<jdk.version>1.8</jdk.version>
<phoenix.main.version>5</phoenix.main.version>
+ <calcite.version>${hive5.calcite.version}</calcite.version>
</properties>
<dependencies>
diff --git a/phoenix-hive-base/pom.xml b/phoenix-hive-base/pom.xml
index 53d6630..75ac990 100644
--- a/phoenix-hive-base/pom.xml
+++ b/phoenix-hive-base/pom.xml
@@ -46,6 +46,9 @@
<tez.version>0.9.1</tez.version>
<jdk.version>1.8</jdk.version>
<commons-lang3.version>3.9</commons-lang3.version>
+ <hive4.calcite.version>1.10.0</hive4.calcite.version>
+ <hive5.calcite.version>1.16.0</hive5.calcite.version>
+ <calcite.version>${hive4.calcite.version}</calcite.version>
</properties>
<dependencies>
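Review bot: The names `hive4.calcite.version` and `hive5.calcite.version` read as Hive 4 and Hive 5, but the phoenix5-hive module in this same commit builds against `${hive3.version}`, so the digit presumably refers to the Phoenix major version. A comment above the three properties would prevent a wrong bump, e.g. `<!-- Calcite version matching the Hive release used by the phoenix4-hive and phoenix5-hive modules; keep in step with hive.version -->`. Because `calcite.version` now pins `calcite-core` in `dependencyManagement`, the comment should also say that the value has to follow the Hive version rather than be raised independently when the dependency check reports on it.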
@@ -586,9 +589,10 @@
<dependencyManagement>
<dependencies>
- <dependency>
+ <dependency>
<groupId>org.apache.calcite</groupId>
<artifactId>calcite-core</artifactId>
+ <version>${calcite.version}</version>
<exclusions>
<exclusion>
<!-- PHOENIX-6478: exclude a dependency that is not required and not available at Maven Central -->
diff --git a/pom.xml b/pom.xml
index deb7d9c..95889ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,6 +125,7 @@
<exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
<spotbugs-maven-plugin.version>4.1.3</spotbugs-maven-plugin.version>
<spotbugs.version>4.1.3</spotbugs.version>
+ <maven-owasp-plugin.version>5.3.2</maven-owasp-plugin.version>
<!-- Plugin options -->
<numForkedUT>8</numForkedUT>
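Review bot: The property name `maven-owasp-plugin.version` does not match the artifact it versions (`dependency-check-maven`), while the neighbouring properties follow the artifactId (`exec-maven-plugin.version`, `spotbugs-maven-plugin.version`). Naming it `<dependency-check-maven.version>5.3.2</dependency-check-maven.version>` would keep the convention and make it easier to find. The `${maven-owasp-plugin.version}` reference in the plugin declaration later in this file would change with it.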
@@ -223,6 +224,16 @@
We already inherit some from the ASF parent pom. -->
</plugin>
<plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ </plugin>
+ <plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs-maven-plugin.version}</version>
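Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the new dependency-check `<configuration>` takes runtime-scoped artifacts out of the scan, and those are normally on the classpath of the deployed connector, so a vulnerable runtime dependency would go unreported. Skipping provided and system scope is defensible if those jars are supplied and scanned elsewhere, but runtime scope should stay in: drop that line or set `<skipRuntimeScope>false</skipRuntimeScope>`. If the skips are deliberate, a comment above the block such as `<!-- provided/system jars come from the cluster installation and are not shipped by the connectors -->` would record why coverage is narrowed. The enclosing plugins section starts and ends outside the hunk.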
@@ -964,6 +975,17 @@
<artifactId>spotbugs-maven-plugin</artifactId>
</plugin>
<plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <reportSets>
+ <reportSet>
+ <reports>
+ <report>aggregate</report>
+ </reports>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ <plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
</plugin>