PHOENIX-7550 Update OWASP plugin to 12.1.0 (#2091)

Author: stoty

BUILDING.md

@@ -127,6 +127,12 @@ To run all available reports (takes a few hours)
 To run OWASP, RAT and Spotbugs, but not Jacoco (takes ~10 minutes)
 `$ mvn clean compile test-compile site -Dspotbugs.site`
 
+It is recommended to request an NVD API [key](https://nvd.nist.gov/developers/request-an-api-key) to
+increase the download speed of CVE data. To use the key append `-DnvdApiKey=<key>` to the maven
+command line.
+
+Note that the dependency check report generation is only enabled when run on Java 11 and later.
+
 The reports are accessible via `target/site/index.html`, under the main project,
 as well as each of the subprojects. (not every project has all reports)
 

pom.xml

@@ -153,14 +153,16 @@
     <jacoco-maven-plugin.version>0.8.11</jacoco-maven-plugin.version>
     <sonar-maven-plugin.version>3.10.0.2594</sonar-maven-plugin.version>
     <findbugs-annotations.version>1.3.9-1</findbugs-annotations.version>
-    <maven-owasp-plugin.version>10.0.2</maven-owasp-plugin.version>
+    <maven-owasp-plugin.version>12.1.0</maven-owasp-plugin.version>
     <os.maven.version>1.7.1</os.maven.version>
     <jasmine-maven-plugin.version>2.2</jasmine-maven-plugin.version>
     <lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
     <maven-bundle-plugin.version>5.1.9</maven-bundle-plugin.version>
     <exec-maven-plugin.version>3.1.1</exec-maven-plugin.version>
     <maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>
     <maven-shade-plugin.version>3.6.0</maven-shade-plugin.version>
+    <!-- This overrides the property in the ASF parent project-->
+    <version.maven-site-plugin>3.21.0</version.maven-site-plugin>
     <mvel2.version>2.5.2.Final</mvel2.version>
 
     <!-- Plugin options -->
@@ -2291,30 +2293,39 @@
           @{jacocoArgLine}</argLine>
       </properties>
     </profile>
+    <profile>
+      <activation>
+        <jdk>[11,)</jdk>
+      </activation>
+      <reporting>
+        <plugins>
+          <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${maven-owasp-plugin.version}</version>
+            <configuration>
+              <skipProvidedScope>true</skipProvidedScope>
+              <skipRuntimeScope>true</skipRuntimeScope>
+              <skipSystemScope>true</skipSystemScope>
+            </configuration>
+            <reportSets>
+              <reportSet>
+                <reports>
+                  <report>aggregate</report>
+                </reports>
+              </reportSet>
+            </reportSets>
+          </plugin>
+        </plugins>
+      </reporting>
+    </profile>
   </profiles>
   <reporting>
     <plugins>
       <plugin>
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-maven-plugin</artifactId>
       </plugin>
-      <plugin>
-        <groupId>org.owasp</groupId>
-        <artifactId>dependency-check-maven</artifactId>
-        <version>${maven-owasp-plugin.version}</version>
-        <configuration>
-          <skipProvidedScope>true</skipProvidedScope>
-          <skipRuntimeScope>true</skipRuntimeScope>
-          <skipSystemScope>true</skipSystemScope>
-        </configuration>
-        <reportSets>
-          <reportSet>
-              <reports>
-                  <report>aggregate</report>
-              </reports>
-          </reportSet>
-        </reportSets>
-      </plugin>
       <plugin>
         <groupId>org.jacoco</groupId>
         <artifactId>jacoco-maven-plugin</artifactId>