Adding OWASP reporting into pom

README.md

@@ -44,4 +44,10 @@ If you are trying to copy the examples somewhere else and modifying them. Consid
     # if trying to modify the 'topic' example:
     cd examples/jms/topic && mvn dependency:list
 
+### Open Web Application Security Project (OWASP) Report
 
+If you wish to generate the report for CCV dependencies, you may run it with the -Powasp profile
+
+    $ mvn -Powasp verify
+
+The output will be under ./target/dependency-check-report.html **for each** sub-module.

pom.xml

@@ -86,6 +86,7 @@
       <qpid.jms.version>0.11.0</qpid.jms.version>
       <johnzon.version>0.9.5</johnzon.version>
       <json-p.spec.version>1.0-alpha-1</json-p.spec.version>
+      <owasp.version>1.4.3</owasp.version>
 
       <activemq.version.versionName>${project.version}</activemq.version.versionName>
       <activemq.version.majorVersion>1</activemq.version.majorVersion>
@@ -138,6 +139,7 @@
       <activemq.basedir>${project.basedir}</activemq.basedir>
       <skipLicenseCheck>true</skipLicenseCheck>
       <skipStyleCheck>true</skipStyleCheck>
+      <skipOWASP>true</skipOWASP>
       <geronimo.jms.2.spec.version>1.0-alpha-2</geronimo.jms.2.spec.version>
 
       <javac-compiler-id>javac-with-errorprone</javac-compiler-id>
@@ -302,6 +304,19 @@
          </dependency>
          <!-- ### End Build Time Dependencies ### -->
 
+         <dependency>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-core</artifactId>
+            <version>${owasp.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
+         <dependency>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-utils</artifactId>
+            <version>${owasp.version}</version>
+            <!-- License: Apache 2.0 -->
+         </dependency>
+
          <!-- ### Run Time Dependencies: MUST NOT INCLUDE CAT X LICENSES ###-->
          <dependency>
             <groupId>org.fusesource.hawtbuf</groupId>
@@ -608,6 +623,12 @@
             </plugins>
          </build>
       </profile>
+      <profile>
+         <id>owasp</id>
+         <properties>
+            <skipOWASP>false</skipOWASP>
+         </properties>
+      </profile>
       <profile>
          <id>dev</id>
          <modules>
@@ -1208,6 +1229,24 @@
             <version>3.0.0</version>
             <extensions>true</extensions>
          </plugin>
+         <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${owasp.version}</version>
+            <configuration>
+                <skip>${skipOWASP}</skip>
+                <!-- <skipProvidedScope>true</skipProvidedScope>
+                <skipRuntimeScope>true</skipRuntimeScope> -->
+            </configuration>
+            <executions>
+               <execution>
+                  <goals>
+                     <goal>check</goal>
+                  </goals>
+               </execution>
+            </executions>
+         </plugin>
+
       </plugins>
    </build>
 
@@ -1269,6 +1308,19 @@
             <artifactId>maven-surefire-report-plugin</artifactId>
             <version>2.14.1</version>
          </plugin>
+         <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${owasp.version}</version>
+            <reportSets>
+               <reportSet>
+                  <reports>
+                     <report>aggregate</report>
+                  </reports>
+               </reportSet>
+            </reportSets>
+         </plugin>
+
       </plugins>
    </reporting>