Merge pull request 'SCRUM-2729: Added support for OWASP SAST Tools' (#8) from feature/SCRUM-2729 into develop

Reviewed-on: #8
2025-11-14 12:27:02 +01:00 · 2025-11-14 12:27:02 +01:00 · aa46b3cbb5
parent 626ebe53a3 dfaaaeb56a
commit aa46b3cbb5
4 changed files with 31 additions and 2 deletions
--- a/.sonarlint/connectedMode.json
+++ b/.sonarlint/connectedMode.json
@ -0,0 +1,4 @@
+{
+    "sonarQubeUri": "http://localhost:9900",
+    "projectKey": "wp2-be-audit-bs"
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -28,6 +28,13 @@

 # [1.0.0] - 2025-10-10

+### [SCRUM-2729](https://itserr-wp2.atlassian.net/browse/SCRUM-2729)
+
+### Added
+
+- Added support for OWASP SAST Tools
+- SonarQube, FindSecBugs, OWASP Dependency Check
+
 ### [SCRUM-2283](https://itserr-wp2.atlassian.net/browse/SCRUM-2283)

 ### Added
--- a/pom.xml
+++ b/pom.xml
@ -8,7 +8,7 @@
    <parent>
        <groupId>com.finconsgroup.itserr.marketplace</groupId>
        <artifactId>core</artifactId>
-        <version>1.0.4</version>
+        <version>1.0.10</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

@ -26,6 +26,8 @@
    <properties>
        <revision>1.0.2-SNAPSHOT</revision>
        <itserr.audit-bs.version>${revision}</itserr.audit-bs.version>
+        <sonar.projectKey>${project.name}</sonar.projectKey>
+        <sonar.projectName>${project.name}</sonar.projectName>
    </properties>

    <dependencyManagement>
@ -34,7 +36,7 @@
            <dependency>
                <groupId>com.finconsgroup.itserr.marketplace</groupId>
                <artifactId>wp2-be-audit-dm-client</artifactId>
-                <version>1.0.1</version>
+                <version>1.0.2</version>
            </dependency>

            <!-- WP2 Audit BS Client -->
--- a/wp2-be-audit-bs-server/src/main/resources/spotbugs-files/sb-exclude-filters.xml
+++ b/wp2-be-audit-bs-server/src/main/resources/spotbugs-files/sb-exclude-filters.xml
@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter
+        xmlns="https://github.com/spotbugs/filter/4.8.4"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="https://github.com/spotbugs/filter/4.8.4 https://raw.githubusercontent.com/spotbugs/spotbugs/4.8.4/spotbugs/etc/findbugsfilter.xsd">
+    <Match>
+        <Class name="~com\.finconsgroup\.itserr\.marketplace.*\.WireMockServerTest"/>
+        <Method name="getWireMockConfiguration"/>
+        <Bug pattern="UNENCRYPTED_SERVER_SOCKET"/>
+    </Match>
+    <Match>
+        <Class name="~com\.finconsgroup\.itserr\.marketplace.*\.DiagnosticsController"/>
+        <Method name="downloadLogs"/>
+        <Bug pattern="PATH_TRAVERSAL_IN"/>
+    </Match>
+</FindBugsFilter>