This is a simple app using Spring Boot as part of Red Hat OpenShift Application Runtimes.
git clone
mvn spring-boot:run
-
curl -v http://localhost:8080/v1/greeting
-
curl -v http://localhost:8080/v1/hostinfo
-
curl -v http://localhost:8080/v1/envinfo
-
SonarQube Scanner Plugin. NOTE: This plugin is a client and needs to connect to a running sonar server.
- Usage:
mvn sonar:sonar
to execute.- Plugin is currently not tied to the standard maven lifecyle.
- To help execute the scan in Jenkins pipelines, the
sonarqubeStaticAnalysis()
function from the pipeline-library will execute the goal in your build process. - SonarQube plugin docs
- Usage:
-
Jacoco Maven Plugin
- Usage:
mvn package
to execute in standard maven lifecyclemvn jacoco:report
to execute the plugin standalone
- Code coverage reports will then be found in
target/site
. - Jacoco plugin docs
- Usage:
-
OWASP Dependency Check
- Usage:
mvn verify
to execute in standard maven lifecyclemvn dependency-check:check
to execute the plugin standalone
- The dependency-check plugin will check dependencies for vulnerabilities against the National Vulnerability Database hosted by NIST and fail should there be any dependency with a CVSS score greater or equal to that specified in the pom file.
- Maven plugin docs
- OWASP Dependency Check docs
- Continuous security and OWASP Dependency Check blog
- Usage: