18 changes: 17 additions & 1 deletion .github/workflows/blackduck.yml
@@ -13,6 +13,7 @@ on:
permissions:
contents: read # allows workflow to checkout private repository
pull-requests: read # allows SonarQube to decorate PRs with analysis results
packages: read # allows workflow to download dependencies from GitHub Packages

jobs:
build:
@@ -30,7 +31,22 @@ jobs:
java-version: '21'
distribution: 'temurin'
cache: maven

- name: Configure Maven for GitHub Packages
run: |
mkdir -p ~/.m2
cat > ~/.m2/settings.xml <<EOF
<settings>
<servers>
<server>
<id>github-snapshot</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.GITHUB_TOKEN }}</password>
</server>
</servers>
</settings>
EOF
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
run: |
mvn clean install -P unit-tests -DskipIntegrationTests
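Review bot: In the `Configure Maven for GitHub Packages` step, `${{ secrets.GITHUB_TOKEN }}` is expanded into the script text and written in cleartext to `~/.m2/settings.xml`, where it stays readable by every later step of the job, and the step's `env: GITHUB_TOKEN` is never read by the script. Maven resolves `${env.NAME}` in settings.xml, so the heredoc can be quoted (`<<'EOF'`) and carry `<username>${env.GITHUB_ACTOR}</username>` and `<password>${env.GITHUB_TOKEN}</password>`, with `GITHUB_TOKEN` passed as `env` on the `Install dependencies` step instead. That also removes the `${{ github.actor }}` expression from the shell body, which is the pattern to avoid for any context value inlined into `run`. The `setup-java` step just above (it starts outside this hunk) can alternatively generate this file through its `server-id`, `server-username` and `server-password` inputs.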
24 changes: 23 additions & 1 deletion app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.6</version>
<version>3.5.16</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>

@@ -72,6 +72,28 @@
<version>4.0.0</version>
</dependency>

<!-- Security: fix Netty CVEs (BlackDuck) -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.2.15.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- Security: fix Bouncy Castle CVEs (BlackDuck) -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.84</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.84</version>
</dependency>


</dependencies>
</dependencyManagement>
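Review bot: The `netty-bom` import at `4.2.15.Final` moves Netty to the 4.2 line while the parent is `spring-boot-starter-parent` 3.5.16, which as far as I know manages Netty 4.1.x together with a matching Reactor Netty; mixing the two lines can fail at runtime rather than at build time, so it is worth confirming with `mvn dependency:tree` and a start-up test before merging. With this parent the usual override is the `netty.version` property, set to the patched release of the line Boot already manages, e.g. `<netty.version>PATCHED_4.1.x_VERSION</netty.version>` (placeholder). The comments `fix Netty CVEs (BlackDuck)` and `fix Bouncy Castle CVEs (BlackDuck)` should name the advisory ids and the minimum fixed version, so that the pins can be dropped once the parent catches up. The same block is added to `app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml`. The `dependencyManagement` element starts outside the hunk.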

112 changes: 112 additions & 0 deletions app/multi-tenant/central-space/cloud-cap-samples-java/srv/pom.xml
@@ -14,6 +14,117 @@

<name>bookshop</name>

<dependencyManagement>
<dependencies>
<!-- Security fixes: force safe transitive versions -->
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk7</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-api</artifactId>
<version>1.63.0</version>
</dependency>
<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-context</artifactId>
<version>1.63.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-core</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.22.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.5.37</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.5.37</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>10.9.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
<version>3.5.15</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
<version>3.5.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.56</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
<version>10.1.56</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
<version>10.1.56</version>
</dependency>
</dependencies>
</dependencyManagement>

<!-- ACTUAL DEPENDENCIES -->
<dependencies>
<!-- CDS DEPENDENCIES -->
@@ -112,6 +223,7 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>2.4.240</version>
<scope>runtime</scope>
</dependency>
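Review bot: The `spring-boot` and `spring-boot-autoconfigure` entries pin 3.5.15, which is older than the 3.5.16 parent set in `app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml` in this commit, so if `srv` inherits from that pom these two jars are downgraded and run next to 3.5.16 starters. `jackson-databind` is pinned to 2.22.0 on its own, without `jackson-core` and `jackson-annotations`, and the seven `spring-security-*` entries cover only part of that project's modules, so both can end up with mixed versions on the classpath. I would drop the two `spring-boot*` entries and replace the per-artifact pins with the Boot properties in the parent, e.g. `<spring-security.version>6.5.11</spring-security.version>`, `<jackson-bom.version>2.22.0</jackson-bom.version>`, `<tomcat.version>10.1.56</tomcat.version>`, which move every module of each project together. The same list is added to `app/multi-tenant/personal-space/cloud-cap-samples-java/srv/pom.xml`.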

23 changes: 22 additions & 1 deletion app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.6</version>
<version>3.5.16</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>

@@ -72,6 +72,27 @@
<version>4.0.0</version>
</dependency>

<!-- Security: fix Netty CVEs (BlackDuck) -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.2.15.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- Security: fix Bouncy Castle CVEs (BlackDuck) -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.84</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.84</version>
</dependency>

</dependencies>
</dependencyManagement>

97 changes: 97 additions & 0 deletions app/multi-tenant/personal-space/cloud-cap-samples-java/srv/pom.xml
@@ -14,6 +14,102 @@

<name>bookshop</name>

<dependencyManagement>
<dependencies>
<!-- Security fixes: force safe transitive versions -->
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk7</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-api</artifactId>
<version>1.63.0</version>
</dependency>
<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-context</artifactId>
<version>1.63.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-core</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>6.5.11</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.22.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.5.37</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.5.37</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>10.9.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
<version>3.5.15</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
<version>3.5.15</version>
</dependency>
</dependencies>
</dependencyManagement>

<!-- ACTUAL DEPENDENCIES -->
<dependencies>
<!-- CDS DEPENDENCIES -->
@@ -112,6 +208,7 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>2.4.240</version>
<scope>runtime</scope>
</dependency>
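Review bot: This override list omits the three `tomcat-embed-*` entries that `app/multi-tenant/central-space/cloud-cap-samples-java/srv/pom.xml` pins at 10.1.56 in the same commit, so the two otherwise matching `srv` modules may resolve different Tomcat versions. If the pin answers a scanner finding it presumably applies to both modules; if the 3.5.16 parent already manages a fixed Tomcat, it can be dropped from central-space instead. A one-line comment above the list, `<!-- overrides mirror central-space/srv/pom.xml; keep both in sync -->`, or moving the overrides into a shared parent, would keep the two from drifting.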

23 changes: 22 additions & 1 deletion app/single-tenant/central-space/demoapp/pom.xml
@@ -18,7 +18,7 @@
<!-- DEPENDENCIES VERSION -->
<jdk.version>21</jdk.version>
<cds.services.version>4.1.1</cds.services.version>
<spring.boot.version>3.3.1</spring.boot.version>
<spring.boot.version>3.5.16</spring.boot.version>
<cds.install-cdsdk.version>8.0.2</cds.install-cdsdk.version>

<cds.install-node.downloadUrl>https://nodejs.org/dist/</cds.install-node.downloadUrl>
@@ -48,6 +48,27 @@
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- Security: fix Netty CVEs (BlackDuck) -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.2.15.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- Security: fix Bouncy Castle CVEs (BlackDuck) -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.84</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.84</version>
</dependency>
</dependencies>
</dependencyManagement>
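Review bot: The `netty-bom` import is placed after the existing `<scope>import</scope>` entry at the top of this hunk, and Maven takes the first imported BOM that manages an artifact, so if that earlier import is the Spring Boot BOM (its coordinates are outside the hunk) the Netty pin has no effect. This module appears to set `spring.boot.version` as a property and import the BOM rather than inherit the Boot parent, in which case a `netty.version` property would not help here either. Move the `io.netty:netty-bom` dependency above the earlier BOM imports and check the result with `mvn dependency:tree -Dincludes=io.netty`. The two `org.bouncycastle` entries are plain managed dependencies and do take precedence over imported ones.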
