https://github.com/checktor/quality-assurance-parent

Parent POM including quality assurance plugins.
jacoco owasp-dependencycheck spotbugs-scan

# quality-assurance-parent

Parent POM designed to ensure a reliable build by explicitly pinning the versions of Java, Maven and Maven's basic plugins. Furthermore, it configures quality assurance components such as [JaCoCo](https://github.com/jacoco/jacoco), [OWASP Dependency-Check](https://github.com/jeremylong/DependencyCheck) and [SpotBugs](https://github.com/spotbugs/spotbugs).

## Requirements

The following build tool versions are enforced by the Maven Enforcer Plugin:

* Java 17
* Maven 3.6.3

## Usage

This POM is intended to be used as the parent POM of your Maven project:

```
<parent>
    <groupId>io.github.checktor</groupId>
    <artifactId>quality-assurance-parent</artifactId>
    <version>4.0.0</version>
</parent>
```

If you already use a parent declaration, e.g. the one provided by Spring Boot, consider moving it to the `<dependencyManagement>` section as an imported BOM, i.e. with `<type>pom</type>` and `<scope>import</scope>`.

In order to consume a package from GitHub's package registry, you need to define the following additional repository in your project's POM:

```
<repositories>
    <repository>
        <id>github</id>
        <url>https://maven.pkg.github.com/checktor/quality-assurance-parent</url>
    </repository>
</repositories>
```

In this case, we use `github` as the repository ID, which must match the `<id>` of the `<server>` entry holding your GitHub credentials in your local `settings.xml` file:

```
<settings>
    ...
    <servers>
        <server>
            <id>github</id>
            <username>your_username</username>
            <password>your_personal_access_token</password>
        </server>
    </servers>
</settings>
```
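The three steps above combined into one project POM, as an added example (not code from the quality-assurance-parent project): the parent declaration, the Spring Boot BOM imported under `<dependencyManagement>` because a POM can only inherit one parent, and the GitHub Packages repository. The project coordinates (`com.example:example-service`) are hypothetical and the Spring Boot version is a placeholder you replace with the release you actually use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
    <modelVersion>4.0.0</modelVersion>

    <!-- Inherit the Java/Maven version enforcement and the QA plugins
         (JaCoCo, OWASP Dependency-Check, SpotBugs) from the parent -->
    <parent>
        <groupId>io.github.checktor</groupId>
        <artifactId>quality-assurance-parent</artifactId>
        <version>4.0.0</version>
    </parent>

    <!-- Hypothetical coordinates of the consuming project -->
    <groupId>com.example</groupId>
    <artifactId>example-service</artifactId>
    <version>0.1.0-SNAPSHOT</version>

    <properties>
        <!-- Placeholder: set to the Spring Boot release you actually use -->
        <spring-boot.version>REPLACE_WITH_SPRING_BOOT_VERSION</spring-boot.version>
    </properties>

    <!-- spring-boot-starter-parent cannot be inherited at the same time as the
         QA parent, so Spring Boot's managed versions are imported as a BOM -->
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <!-- Resolve the parent from GitHub Packages; the id must equal the <id>
         of the <server> entry in settings.xml that carries the credentials -->
    <repositories>
        <repository>
            <id>github</id>
            <url>https://maven.pkg.github.com/checktor/quality-assurance-parent</url>
        </repository>
    </repositories>
</project>
```

Keep the personal access token out of the `settings.xml` text itself: Maven interpolates environment variables in `settings.xml`, so `<password>${env.GITHUB_TOKEN}</password>` lets CI inject a short-lived, read-only `packages:read` token at build time instead of a long-lived secret committed to a dotfile, and the file can then be shared without leaking credentials.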

## OWASP Dependency-Check and SpotBugs filter

This POM assumes the presence of two files inside a [buildSettings](buildSettings/) folder, which define the filter rules for the vulnerability and bug checks:

* [dependency-check-filter.xml](buildSettings/dependency-check-filter.xml)
  * Suppress reporting of specific OWASP vulnerabilities in your dependencies.
* [spotbugs-filter.xml](buildSettings/spotbugs-filter.xml)
  * Filter specific bug findings.
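A `spotbugs-filter.xml` that scopes each exclusion as narrowly as SpotBugs' filter syntax allows, as an added example rather than the project's own file; the package, class and test-name patterns in it are constructed. Each `<Match>` combines a class selector with a bug pattern, category or confidence so that a single entry cannot silently hide unrelated findings, in particular those in the `SECURITY` category.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
    <!-- Exclude generated sources entirely; a leading ~ makes the name a regex -->
    <Match>
        <Class name="~com\.example\.generated\..*" />
    </Match>

    <!-- Accept the "exposes internal representation" finding for one DTO only:
         the bug pattern is bound to that class, not suppressed project-wide -->
    <Match>
        <Class name="com.example.model.Settings" />
        <Bug pattern="EI_EXPOSE_REP" />
    </Match>

    <!-- In test classes, drop low-confidence STYLE findings (confidence 3 = low);
         CORRECTNESS and SECURITY findings in tests still get reported -->
    <Match>
        <Class name="~.*Test$" />
        <Bug category="STYLE" />
        <Confidence value="3" />
    </Match>
</FindBugsFilter>
```

Review the filter in code review like any other source file: an entry that matches only on `<Bug category="SECURITY" />` or only on a broad class regex turns the scan into a no-op for exactly the findings the parent POM is there to surface.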

If you want to suppress the reporting of vulnerability `CVE-2016-1000027`, add the following to your [dependency-check-filter.xml](buildSettings/dependency-check-filter.xml) file.

```
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <cve>CVE-2016-1000027</cve>
    </suppress>
</suppressions>
```
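A bare `<cve>` entry hides that CVE for every dependency in the build, including any dependency added later that carries the same identifier. The following scoped variant is an added example, not part of the project's `buildSettings`: it binds the suppression to one artifact via `<packageUrl>` (the coordinate `org.example:example-lib` is constructed; use the one Dependency-Check reported), records the rationale in `<notes>`, and uses the `until` attribute so the finding reappears for re-review after a placeholder date.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <!-- Scoped suppression: only CVE-2016-1000027, only for the artifact matched
         by packageUrl, and only until the review date (placeholder date below) -->
    <suppress until="2030-01-01Z">
        <notes><![CDATA[
            CVE-2016-1000027 reviewed: the affected code path is not used by this
            service. Re-evaluate when example-lib is upgraded.
            Tracking ticket: EXAMPLE-123 (placeholder)
        ]]></notes>
        <!-- Constructed Maven coordinate in package-URL form; the regex pins
             groupId and artifactId but lets the version float -->
        <packageUrl regex="true">^pkg:maven/org\.example/example\-lib@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
</suppressions>
```

When the `until` date passes, the build fails again on that CVE, which forces someone to confirm the justification still holds rather than letting an old risk acceptance outlive the dependency it was written for.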