4.0.0 org.owasp benchmark 1.2 war OWASP Benchmark for Java OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools. https://github.com/OWASP-Benchmark/BenchmarkJava davewichers Dave Wichers dave.wichers@owasp.org OWASP Foundation https://owasp.org/ GNU General Public License, version 2 (GPL2) https://choosealicense.com/licenses/gpl-2.0/ findsecbugs com.github.spotbugs spotbugs-maven-plugin compile spotbugs Max Low true ${basedir}/src/main/resources/findbugs-security-include.xml ${basedir}/src/main/resources/findbugs-security-exclude.xml com.h3xstream.findsecbugs findsecbugs-plugin 1.13.0 deploy maven-antrun-plugin ldap-server package run database-server package run database-init package run org.codehaus.cargo cargo-maven3-plugin 300000 tomcat${tomcat.major.version}x ${tomcat.url}

${log.directory}/cargo-output.log

false ${log.directory}/cargo.log ${basedir}/src/config/${runenv}/server.xml conf true ${basedir}/src/config/${runenv}/context.xml conf true ${project.build.directory}/tomcat${tomcat.major.version}x 8443 https HTTP/1.1 ISO-8859-1 false TLS ${project.basedir}/.keystore changeit tomcat true ${tomcat.jvmargs} ${tomcat.jvmargs.debug} deploywcontrast maven-antrun-plugin ldap-server package run database-server package run database-init package run org.codehaus.cargo cargo-maven3-plugin 300000 tomcat${tomcat.major.version}x ${tomcat.url}

${log.directory}/cargo-output.log

false ${log.directory}/cargo.log ${basedir}/src/config/${runenv}/server.xml conf true ${basedir}/src/config/${runenv}/context.xml conf true ${project.build.directory}/tomcat${tomcat.major.version}x -Xmx8G -javaagent:${basedir}/tools/Contrast/contrast.jar -Dcontrast.dir=${basedir}/tools/Contrast/working -Dcontrast.config.path=${basedir}/tools/Contrast/contrast.yaml 8443 https HTTP/1.1 ISO-8859-1 false TLS ${project.basedir}/.keystore changeit tomcat true deploywseeker -javaagent:${basedir}/tools/seeker/seeker-agent.jar -Dseeker.server.url=https://server.example.com:8888 -Dseeker.project.key=Benchmark maven-antrun-plugin ldap-server package run database-server package run database-init package run org.codehaus.cargo cargo-maven3-plugin 300000 tomcat${tomcat.major.version}x ${tomcat.url}

${log.directory}/cargo-output.log

false ${log.directory}/cargo.log ${basedir}/src/config/${runenv}/server.xml conf true ${basedir}/src/config/${runenv}/context.xml conf true ${project.build.directory}/tomcat${tomcat.major.version}x ${seeker.javaagent} ${seeker.server.url} ${seeker.project.key} -Xss2m -Xmx8G 8443 https HTTP/1.1 ISO-8859-1 false TLS ${project.basedir}/.keystore changeit tomcat true deploywcxiast maven-antrun-plugin ldap-server package run database-server package run database-init package run org.codehaus.cargo cargo-maven3-plugin 300000 tomcat${tomcat.major.version}x ${tomcat.url}

${log.directory}/cargo-output.log

false ${log.directory}/cargo.log ${basedir}/src/config/${runenv}/server.xml conf true ${basedir}/src/config/${runenv}/context.xml conf true -Xmx8G -javaagent:${basedir}/tools/CxIAST/cx-launcher.jar -Diast.home=${basedir}/tools/CxIAST/ -Xverify:none 8443 https HTTP/1.1 ISO-8859-1 false TLS ${project.basedir}/.keystore changeit tomcat true deploywhcl maven-antrun-plugin ldap-server package run database-server package run database-init package run org.codehaus.cargo cargo-maven3-plugin 400000 tomcat${tomcat.major.version}x ${tomcat.url}

${log.directory}/cargo-output.log

false ${log.directory}/cargo.log ${basedir}/src/config/${runenv}/server.xml conf true ${basedir}/src/config/${runenv}/context.xml conf true ${project.build.directory}/tomcat${tomcat.major.version}x -Xmx8G -javaagent:${basedir}/tools/HCL/secagent.jar=agent_path=${basedir}/tools/HCL/secagent.jar -Dsecagent.log=${basedir}/results/HCL-IAST.hcl 8443 https HTTP/1.1 ISO-8859-1 false TLS ${project.basedir}/.keystore changeit tomcat true javax javaee-api 8.0.1 provided com.sun.jersey jersey-servlet 1.19.4 commons-codec commons-codec 1.18.0 commons-dbcp commons-dbcp 1.4 commons-io commons-io 2.18.0 commons-lang commons-lang 2.6 org.slf4j slf4j-reload4j 2.0.17 org.apache.directory.api api-ldap-model ${version.apache.api-ldap} org.apache.directory.api api-ldap-schema-data ${version.apache.api-ldap} org.apache.directory.server apacheds-core ${version.apacheds} org.apache.directory.server apacheds-core-annotations ${version.apacheds} org.apache.directory.server apacheds-core-api ${version.apacheds} org.apache.directory.server apacheds-core-avl ${version.apacheds} org.apache.directory.server apacheds-core-constants ${version.apacheds} org.apache.directory.server apacheds-core-jndi ${version.apacheds} org.apache.directory.server apacheds-interceptor-kerberos ${version.apacheds} org.apache.directory.server apacheds-jdbm-partition ${version.apacheds} org.apache.directory.server apacheds-kerberos-codec ${version.apacheds} org.apache.directory.server apacheds-ldif-partition ${version.apacheds} org.apache.directory.server apacheds-protocol-ldap ${version.apacheds} org.apache.directory.server apacheds-protocol-shared ${version.apacheds} org.apache.directory.server apacheds-server-annotations ${version.apacheds} org.apache.directory.server apacheds-server-jndi ${version.apacheds} org.apache.directory.server apacheds-test-framework ${version.apacheds} org.apache.directory.server apacheds-xdbm-partition ${version.apacheds} org.apache.httpcomponents.client5 httpclient5 5.4.3 org.apache.httpcomponents.core5 httpcore5 5.3.4 org.bouncycastle bcprov-jdk15on 1.70 org.hibernate hibernate-core ${version.hibernate} commons-collections commons-collections org.hibernate hibernate-entitymanager ${version.hibernate} org.hsqldb hsqldb 2.7.4 org.owasp.esapi esapi 2.6.0.0 org.springframework spring-context ${version.springframework} org.springframework spring-jdbc ${version.springframework} org.springframework spring-tx ${version.springframework} org.springframework spring-web ${version.springframework} org.springframework spring-webmvc ${version.springframework} xml-apis xml-apis 1.4.01 com.fasterxml.jackson.core jackson-databind 2.18.3 benchmark co.leantechniques maven-buildtime-extension 3.0.5 ${basedir}/src/main/resources org.apache.maven.plugins maven-antrun-plugin 3.1.0 org.apache.maven.plugins maven-assembly-plugin 3.7.1 org.apache.maven.plugins maven-dependency-plugin 3.8.1 com.sun.jersey:jersey-servlet commons-dbcp:commons-dbcp org.hibernate:hibernate-entitymanager org.slf4j:slf4j-reload4j org.springframework:spring-webmvc org.apache.maven.plugins maven-release-plugin 3.1.1 org.apache.maven.plugins maven-antrun-plugin org.apache.maven.plugins maven-clean-plugin 3.4.1 org.apache.maven.plugins maven-compiler-plugin 3.14.0 true 1000m 2000m ${java.target} org.apache.maven.plugins maven-deploy-plugin 3.1.4 org.apache.maven.plugins maven-enforcer-plugin 3.5.0 org.codehaus.mojo extra-enforcer-rules 1.9.0 enforce-bytecode-version enforce 11 Dependencies shouldn't require Java 12+. warn enforce-jdk-version enforce ${java.target} Benchmark is currently written to support Java 8. org.apache.maven.plugins maven-help-plugin 3.5.1 org.apache.maven.plugins maven-install-plugin 3.1.4 org.apache.maven.plugins maven-jxr-plugin 3.6.0 org.apache.maven.plugins maven-pmd-plugin 3.26.0 org.apache.maven.plugins maven-project-info-reports-plugin 3.9.0 org.apache.maven.plugins maven-resources-plugin 3.3.1 org.apache.maven.plugins maven-site-plugin 3.21.0 org.apache.maven.skins maven-fluido-skin ${version.fluido} org.apache.maven.plugins maven-surefire-plugin 3.5.3 org.apache.maven.plugins maven-war-plugin 3.4.0 ${maven.war.webxml} org.codehaus.cargo cargo-maven3-plugin 1.10.18 org.codehaus.mojo versions-maven-plugin 2.18.0 com.github.spotbugs spotbugs-maven-plugin ${version.spotbugs.maven} Max Low true com.github.spotbugs spotbugs ${version.spotbugs} com.h3xstream.findsecbugs findsecbugs-plugin 1.13.0 com.internetitem write-properties-file-maven-plugin 2.0.0 org.jasig.mojo.jspc jspc-maven-plugin 2.0.2 com.diffplug.spotless spotless-maven-plugin 2.44.3 origin/master *.md data/**/*.* *results/**/*.* scorecard/**/*.* target/**/*.* false true 4 **/*.html data/**/*.* *results/**/*.* target/**/*.* HTML ${basedir}/DevStyleHtml.prefs src/config/**/*.xml pom.xml XML ${basedir}/DevStyleXml.prefs 1.17.0 spotless-apply compile apply org.apache.maven.plugins maven-jxr-plugin org.codehaus.mojo versions-maven-plugin dependency-updates-report plugin-updates-report property-updates-report org.apache.maven.plugins maven-project-info-reports-plugin index dependency-convergence false 8 UTF-8 UTF-8 ${basedir}/src/config/web.xml local -Xms1G -Xmx8G -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5050 -Xnoagent -Djava.compiler=NONE ${project.build.directory}/log 2.1.7 2.0.0.AM27 2.1.0 3.6.10.Final 4.9.3.0 4.9.3 5.3.39 9 9.0.97 https://archive.apache.org/dist/tomcat/tomcat-${tomcat.major.version}/v${version.tomcat}/bin/apache-tomcat-${version.tomcat}.zip