PHOENIX-6317 Add OWASP dependency check for connectors

Change-Id: If7344b251afb2b4a0cdf4aea008f7a9bfca2e241
diff --git a/phoenix-hive-base/phoenix5-hive/pom.xml b/phoenix-hive-base/phoenix5-hive/pom.xml
index b20184d..d8f7809 100644
--- a/phoenix-hive-base/phoenix5-hive/pom.xml
+++ b/phoenix-hive-base/phoenix5-hive/pom.xml
@@ -42,6 +42,7 @@
     <hive.version>${hive3.version}</hive.version>
     <jdk.version>1.8</jdk.version>
     <phoenix.main.version>5</phoenix.main.version>
+    <calcite.version>${hive5.calcite.version}</calcite.version>
   </properties>
 
   <dependencies>
diff --git a/phoenix-hive-base/pom.xml b/phoenix-hive-base/pom.xml
index 53d6630..75ac990 100644
--- a/phoenix-hive-base/pom.xml
+++ b/phoenix-hive-base/pom.xml
@@ -46,6 +46,9 @@
     <tez.version>0.9.1</tez.version>
     <jdk.version>1.8</jdk.version>
     <commons-lang3.version>3.9</commons-lang3.version>
+    <hive4.calcite.version>1.10.0</hive4.calcite.version>
+    <hive5.calcite.version>1.16.0</hive5.calcite.version>
+    <calcite.version>${hive4.calcite.version}</calcite.version>
   </properties>
 
   <dependencies>
@@ -586,9 +589,10 @@
 
    <dependencyManagement>
     <dependencies>
-      <dependency>      
+      <dependency>
         <groupId>org.apache.calcite</groupId>
         <artifactId>calcite-core</artifactId>
+        <version>${calcite.version}</version>
         <exclusions>
           <exclusion>
             <!-- PHOENIX-6478: exclude a dependency that is not required and not available at Maven Central -->
diff --git a/pom.xml b/pom.xml
index deb7d9c..95889ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,6 +125,7 @@
     <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
     <spotbugs-maven-plugin.version>4.1.3</spotbugs-maven-plugin.version>
     <spotbugs.version>4.1.3</spotbugs.version>
+    <maven-owasp-plugin.version>5.3.2</maven-owasp-plugin.version>
 
     <!-- Plugin options -->
     <numForkedUT>8</numForkedUT>
@@ -223,6 +224,16 @@
                We already inherit some from the ASF parent pom. -->
         </plugin>
         <plugin>
+          <groupId>org.owasp</groupId>
+          <artifactId>dependency-check-maven</artifactId>
+          <version>${maven-owasp-plugin.version}</version>
+          <configuration>
+            <skipProvidedScope>true</skipProvidedScope>
+            <skipRuntimeScope>true</skipRuntimeScope>
+            <skipSystemScope>true</skipSystemScope>
+          </configuration>
+        </plugin>
+        <plugin>
           <groupId>com.github.spotbugs</groupId>
           <artifactId>spotbugs-maven-plugin</artifactId>
           <version>${spotbugs-maven-plugin.version}</version>
@@ -964,6 +975,17 @@
         <artifactId>spotbugs-maven-plugin</artifactId>
       </plugin>
       <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <reportSets>
+          <reportSet>
+            <reports>
+              <report>aggregate</report>
+            </reports>
+          </reportSet>
+        </reportSets>
+      </plugin>
+      <plugin>
         <groupId>org.apache.rat</groupId>
         <artifactId>apache-rat-plugin</artifactId>
       </plugin>