Upgrade a few plugin dependencies, and minor improvements to 2 scripts for running tools on Benchmark.

davewichers · davewichers · commit 48dce3c67b8f · 2022-10-10T16:35:08.000-04:00
diff --git a/pom.xml b/pom.xml
@@ -782,14 +782,14 @@
         <dependency>
             <groupId>org.hsqldb</groupId>
             <artifactId>hsqldb</artifactId>
-            <!-- <version>2.5.1</version> This is latest version, but requires Java 8. 2.3.6 is last version to support Java 7. -->
+            <!-- <version>2.7.1</version> This is latest version, but requires Java 8. 2.3.6 is last version to support Java 7. -->
             <version>2.3.6</version>
         </dependency>
 
         <dependency>
             <groupId>org.owasp.esapi</groupId>
             <artifactId>esapi</artifactId>
-            <version>2.2.3.1</version>
+            <version>2.3.0.0</version>
         </dependency>
 
         <dependency>
@@ -853,12 +853,12 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-antrun-plugin</artifactId>
-                    <version>3.0.0</version>
+                    <version>3.1.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-assembly-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.4.2</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
@@ -908,7 +908,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
-                <version>3.0.0-M2</version>
+                <version>3.0.0</version>
             </plugin>
 
             <plugin>
@@ -969,13 +969,13 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-install-plugin</artifactId>
-                <version>3.0.0-M1</version>
+                <version>3.0.1</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jxr-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.0</version>
             </plugin>
 
             <plugin>
@@ -991,19 +991,26 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.3.0</version>
+                <version>3.4.1</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.0</version>
             </plugin>
 
             <plugin>
+                <!-- Note: This uses the maven-fluido-skin version specified next. The skin is referenced in src/site/site.xml. -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
-                <version>4.0.0-M1</version>
+                <version>4.0.0-M3</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.skins</groupId>
+                <artifactId>maven-fluido-skin</artifactId>
+                <version>1.11.1</version>
             </plugin>
 
             <plugin>
@@ -1075,7 +1082,7 @@
             <plugin>
                 <groupId>com.diffplug.spotless</groupId>
                 <artifactId>spotless-maven-plugin</artifactId>
-                <version>2.22.8</version>
+                <version>2.24.1</version>
                 <configuration>
                     <!-- optional: limit format enforcement to just the files changed by this feature branch -->
                     <ratchetFrom>origin/master</ratchetFrom>
@@ -1219,8 +1226,8 @@
         <version.apache-shared-ldap>0.9.19</version.apache-shared-ldap>
         <version.exec.maven>1.6.0</version.exec.maven>
         <version.hibernate>3.6.10.Final</version.hibernate>
-        <version.spotbugs.maven>4.7.0.0</version.spotbugs.maven>
-        <version.spotbugs>4.7.0</version.spotbugs>
+        <version.spotbugs.maven>4.7.1.1</version.spotbugs.maven>
+        <version.spotbugs>4.7.2</version.spotbugs>
         <version.springframework>4.3.30.RELEASE</version.springframework>
         <!-- tomcat 8.5 is last version to support Java 7. Tomcat 9+ requires Java 8. -->
         <tomcat.major.version>8</tomcat.major.version>
diff --git a/scripts/mvnFortifyScan.bat b/scripts/mvnFortifyScan.bat
@@ -1,2 +1,2 @@
-sourceanalyzer -b benchmark -Xmx10G -scan -f benchmark.fpr
+sourceanalyzer -b benchmark -Xmx10G -scan -f results/Benchmark_1.2_Fortify.fpr
 
diff --git a/scripts/runHorusec.sh b/scripts/runHorusec.sh
@@ -11,7 +11,7 @@ docker pull horuszup/horusec-cli
 benchmark_version=$(scripts/getBenchmarkVersion.sh)
 horusec_version=$(docker run --rm horuszup/horusec-cli horusec version 2>&1 | grep Version | awk '{print $NF}')
 
-result_file="/src/results/Benchmark_$benchmark_version-horusec-$horusec_version.json"
+result_file="./results/Benchmark_$benchmark_version-horusec-$horusec_version.json"
 docker run --rm \
           -v /var/run/docker.sock:/var/run/docker.sock \
           -v "$(pwd)":/src horuszup/horusec-cli \
diff --git a/src/site/site.xml b/src/site/site.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project name="${project.name}" xmlns="https://maven.apache.org/DECORATION/1.8.0"
+    xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="https://maven.apache.org/DECORATION/1.8.0 https://maven.apache.org/xsd/decoration-1.8.0.xsd">
+    <bannerLeft>
+        <src>/images/owasp.png</src>
+        <href>https://owasp.org/www-project-benchmark/</href>
+    </bannerLeft>
+    <skin>
+        <groupId>org.apache.maven.skins</groupId>
+        <artifactId>maven-fluido-skin</artifactId>
+    </skin>
+    <custom>
+        <fluidoSkin>
+            <topBarEnabled>false</topBarEnabled>
+            <sideBarEnabled>true</sideBarEnabled>
+        </fluidoSkin>
+    </custom>
+    <body>
+        <links>
+            <item name="OWASP Benchmark" href="https://owasp.org/www-project-benchmark/" />
+        </links>
+        <menu ref="reports" />
+    </body>
+</project>
+

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-sourceanalyzer -b benchmark -Xmx10G -scan -f benchmark.fpr`
	`1`	`+sourceanalyzer -b benchmark -Xmx10G -scan -f results/Benchmark_1.2_Fortify.fpr`
`2`	`2`