From edb344dd145f030d230ecce88e82d626d2159a9a Mon Sep 17 00:00:00 2001
From: Istvan Toth <stoty@apache.org>
Date: Fri, 28 Aug 2020 09:15:17 +0200
Subject: [PATCH] PHOENIX-6065 Add OWASP dependency check, and update the
 flagged direct dependencies

---
 pom.xml | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index b98c49896bf..180e48c76a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -153,8 +153,10 @@
     <!-- JaCoCo thresholds which we can override in each sub-module if required -->
     <jacoco.instruction.coverage.percentage>0.700</jacoco.instruction.coverage.percentage>
     <jacoco.branch.coverage.percentage>0.600</jacoco.branch.coverage.percentage>
-   <curator.version>2.12.0</curator.version>
+    <zookeeper.version>3.4.14</zookeeper.version>
+    <curator.version>2.12.0</curator.version>
 
+    <maven-owasp-plugin.version>5.3.2</maven-owasp-plugin.version>
   </properties>
 
   <build>
@@ -1248,7 +1250,35 @@
       </properties>
     </profile>
 
-
+    <profile>
+      <id>owasp-dependency-check</id>
+      <activation>
+        <property>
+          <name>owasp-check</name>
+        </property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${maven-owasp-plugin.version}</version>
+            <configuration>
+              <skipProvidedScope>true</skipProvidedScope>
+              <skipRuntimeScope>true</skipRuntimeScope>
+              <skipSystemScope>true</skipSystemScope>
+            </configuration>
+            <executions>
+              <execution>
+                <goals>
+                  <goal>aggregate</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
 
     <profile>
       <id>codecoverage</id>