[FLINK-12119][build] Add owasp-dependency-check plugin

Run via "mvn org.owasp:dependency-check-maven:aggregate". Prints a report to stdout and creates a report in the root /target directory.
deepfield · Apr 17, 2019 · a505838 · a505838
1 parent c28c6e8
commit a505838
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -1813,6 +1813,23 @@ under the License.
  </executions>
  </plugin>
 
+ <plugin>
+ <!-- run via "mvn org.owasp:dependency-check-maven:aggregate" -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>5.0.0-M2</version>
+ <configuration>
+ <format>ALL</format>
+ <skipSystemScope>true</skipSystemScope>
+ <skipProvidedScope>true</skipProvidedScope>
+ <excludes>
+ <exclude>*flink-docs</exclude>
+ <exclude>*flink-end-to-end-tests</exclude>
+ <exclude>*flink-fs-tests*</exclude>
+ <exclude>*flink-yarn-tests*</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
  </plugins>
  </pluginManagement>
  </build>