PIG-5352: Please add OWASP Dependency Check to the build ivy.xml (knoguchi)
git-svn-id: https://svn.apache.org/repos/asf/pig/trunk@1872609 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index 56f4a4c..adc5851 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -26,6 +26,8 @@
IMPROVEMENTS
+PIG-5352: Please add OWASP Dependency Check to the build ivy.xml (knoguchi)
+
PIG-5385: Skip calling extra gc() before spilling large bag when unnecessary (knoguchi)
PIG-5389: Passing null to REPLACE udf preventing JIT optimization (knoguchi)
diff --git a/build.xml b/build.xml
index 2c78b69..39fc66a 100644
--- a/build.xml
+++ b/build.xml
@@ -268,6 +268,7 @@
<property name="ivy.lib.dir.spark" location="${ivy.lib.dir}/spark" />
<property name="build.ivy.report.dir" location="${build.ivy.dir}/report" />
<property name="build.ivy.maven.dir" location="${build.ivy.dir}/maven" />
+ <property name="build.ivy.owasp.dir" location="${build.ivy.dir}/owasp" />
<property name="pom.xml" location="${build.ivy.maven.dir}/pom.xml"/>
<property name="build.ivy.maven.pom" location="${build.ivy.maven.dir}/pig-${version}.pom" />
<property name="build.ivy.maven.jar" location="${build.ivy.maven.dir}/pig-${version}-core.jar" />
@@ -1461,6 +1462,21 @@
<!-- Perform audit activities for the release -->
<!-- ================================================================== -->
+ <target name="owasp" depends="ivy-owasp,ivy-compile" description="OWASP dependency check">
+ <typedef format="properties" resource="dependency-check-taskdefs.properties" uri="antlib:org.owasp.dependencycheck.anttasks" classpathref="owasp-classpath"/>
+ <owasp:dependency-check xmlns:owasp="antlib:org.owasp.dependencycheck.anttasks"
+ projectname="Pig"
+ reportoutputdirectory="${build.dir}/owasp"
+ reportformat="ALL"
+ failBuildOnCVSS="0">
+
+ <fileset dir="${ivy.lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+
+ </owasp:dependency-check>
+ </target>
+
<target name="releaseaudit" depends="ivy-releaseaudit" description="generate a release audit report">
<get src="${mvnrepo}/org/apache/rat/apache-rat/${apacherat.version}/apache-rat-${apacherat.version}.jar"
dest="${basedir}/build/apache-rat-${apacherat.version}.jar"
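Review bot: `failBuildOnCVSS="0"` on the new owasp target makes every reported finding, whatever its score, fail the build, and the commit adds no suppression file, so a single false-positive CPE match on one of the jars under `${ivy.lib.dir}` will break the target until build.xml is edited. If that strictness is intended, record it next to the attribute, e.g. `<!-- Fail on any finding (CVSS >= 0); triage false positives through a suppressionFile rather than raising this threshold -->`; otherwise add a `suppressionFile` attribute pointing at a checked-in suppressions XML so findings can be triaged without changing the threshold. The fileset also scans every jar below `${ivy.lib.dir}`, which presumably includes artifacts retrieved by other confs earlier in the same checkout and not only the compile conf the target depends on; if that is not the intent, narrow `dir` to the compile-conf retrieve directory. The releaseaudit target at the end of the hunk continues outside it.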
@@ -1759,6 +1775,12 @@
<ivy:cachepath pathid="jdiff.classpath" conf="jdiff"/>
</target>
+ <target name="ivy-owasp" depends="ivy-resolve" description="Retrieve Ivy-managed artifacts for owasp configuration">
+ <ivy:retrieve settingsRef="${ant.project.name}.ivy.settings" log="${loglevel}"
+ pattern="${build.ivy.owasp.dir}/${ivy.artifact.retrieve.pattern}" conf="owasp"/>
+ <ivy:cachepath pathid="owasp-classpath" conf="owasp"/>
+ </target>
+
<target name="ivy-clean-cache" depends="ivy-init-antlib"
description="Clean the Ivy cache">
<ivy:cleancache />
diff --git a/ivy.xml b/ivy.xml
index a93da2a..37ba5d4 100644
--- a/ivy.xml
+++ b/ivy.xml
@@ -43,6 +43,7 @@
<conf name="hbase2" visibility="private"/>
<conf name="spark1" visibility="private" />
<conf name="spark2" visibility="private" />
+ <conf name="owasp" visibility="private" description="Artifacts required for owasp target"/>
</configurations>
<publications>
<artifact name="pig" conf="master"/>
@@ -614,6 +615,9 @@
conf="hadoop2->master"/>
<dependency org="org.apache.curator" name="curator-client" rev="${curator.version}"
conf="hadoop2->master"/>
+ <!-- For dependency check -->
+ <dependency org="org.owasp" name="dependency-check-ant"
+ rev="${dependency-check-ant.version}" conf="owasp->default"/>
</dependencies>
</ivy-module>
diff --git a/ivy/libraries.properties b/ivy/libraries.properties
index 1abc967..9d099e7 100644
--- a/ivy/libraries.properties
+++ b/ivy/libraries.properties
@@ -97,4 +97,5 @@
commons-lang3.version=3.6
scala-xml.version=1.0.5
glassfish.el.version=3.0.1-b08
-roaring-bitmap-shaded.version=0.7.14
\ No newline at end of file
+roaring-bitmap-shaded.version=0.7.14
+dependency-check-ant.version=5.2.4