11#! /bin/bash -e
22#
3- # Copyright (c) 2020, 2024 Oracle and/or its affiliates.
3+ # Copyright (c) 2020, 2025 Oracle and/or its affiliates.
44#
55# Licensed under the Apache License, Version 2.0 (the "License");
66# you may not use this file except in compliance with the License.
@@ -19,14 +19,6 @@ set -o pipefail || true # trace ERR through pipes
1919set -o errtrace || true # trace ERR through commands and functions
2020set -o errexit || true # exit the script if any statement returns a non-true return value
2121
22- on_error (){
23- CODE=" ${?} " && \
24- set +x && \
25- printf " [ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \
26- " ${CODE} " " ${BASH_SOURCE[0]} " " ${LINENO} " " ${BASH_COMMAND} "
27- }
28- trap on_error ERR
29-
3022# Path to this script
3123if [ -h " ${0} " ] ; then
3224 SCRIPT_PATH=" $( readlink " ${0} " ) "
@@ -39,10 +31,17 @@ readonly SCRIPT_PATH
3931# Path to the root of the workspace
4032# shellcheck disable=SC2046
4133WS_DIR=$( cd $( dirname -- " ${SCRIPT_PATH} " ) ; cd ../.. ; pwd -P)
42- readonly WS_DIR
4334
44- # shellcheck disable=SC2155
45- readonly RESULT_FILE=$( mktemp -t XXXdependency-check-result)
35+ on_error (){
36+ CODE=" ${?} " && \
37+ set +x && \
38+ printf " [ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \
39+ " ${CODE} " " ${BASH_SOURCE[0]} " " ${LINENO} " " ${BASH_COMMAND} "
40+ }
41+ trap on_error ERR
42+
43+ RESULT_FILE=$( mktemp -t XXXdependency-check-result)
44+ readonly RESULT_FILE
4645
4746die () { cat " ${RESULT_FILE} " ; echo " Dependency report in ${WS_DIR} /target" ; echo " ${1} " ; exit 1 ; }
4847
@@ -52,13 +51,24 @@ if [ "${PIPELINE}" = "true" ] ; then
5251 mvn ${MAVEN_ARGS} -f " ${WS_DIR} " /pom.xml clean install -DskipTests
5352fi
5453
54+ # The Sonatype OSS Index analyzer requires authentication
55+ # See https://ossindex.sonatype.org/doc/auth-required
56+ # Set OSS_INDEX_USERNAME and OSS_INDEX_PASSWORD to authenticate.
57+ # Otherwise OSS Index analyzer will be disabled
58+ # And yes, this option uses a lower case i while Username and Password has an upper case I
59+ OSS_INDEX_OPTIONS=" -DossindexAnalyzerEnabled=false"
60+ if [ -n " ${OSS_INDEX_PASSWORD} " ] && [ -n " ${OSS_INDEX_USERNAME} " ]; then
61+ OSS_INDEX_OPTIONS=" -DossindexAnalyzerEnabled=true -DossIndexUsername=${OSS_INDEX_USERNAME} -DossIndexPassword=${OSS_INDEX_PASSWORD} "
62+ fi
63+
5564# Setting NVD_API_KEY is not required but improves behavior of NVD API throttling
5665
5766# shellcheck disable=SC2086
5867mvn ${MAVEN_ARGS} -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN org.owasp:dependency-check-maven:aggregate \
5968 -f " ${WS_DIR} " /pom.xml \
6069 -Dtop.parent.basedir=" ${WS_DIR} " \
61- -Dnvd-api-key=" ${NVD_API_KEY} " \
70+ -DnvdApiKey=" ${NVD_API_KEY} " \
71+ ${OSS_INDEX_OPTIONS} \
6272 > " ${RESULT_FILE} " || die " Error running the Maven command"
6373
6474grep -i " One or more dependencies were identified with known vulnerabilities" " ${RESULT_FILE} " \
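Review bot: The new `-DossIndexPassword=${OSS_INDEX_PASSWORD}` argument puts the OSS Index password on the `mvn` command line, where it is readable in the process listing by other users on the build host while the scan runs and is printed by any `set -x` trace or CI command echo. As far as I know dependency-check-maven can take these credentials from a `settings.xml` server entry, so I would pass only the reference, e.g. `OSS_INDEX_OPTIONS="-DossindexAnalyzerEnabled=true -DossIndexServerId=<server-id>"`, and keep the secret out of argv; the same concern applies to `-DnvdApiKey` on the line above the new `${OSS_INDEX_OPTIONS}`. Separately, `${OSS_INDEX_OPTIONS}` is expanded unquoted under the existing `SC2086` suppression, so a username or password containing whitespace or glob characters would be split into extra Maven arguments; a bash array expanded as `"${OSS_INDEX_OPTIONS[@]}"` avoids that. The `grep` statement that follows continues past the end of the hunk.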