diff --git a/.env b/.env
index 9f949a121..efcfa53f6 100644
--- a/.env
+++ b/.env
@@ -3,7 +3,7 @@ COMPOSE_PROJECT_NAME=gscloud
TAG=1.3-SNAPSHOT
GS_USER="1000:1000"
BASE_PATH=/geoserver/cloud
-DEFAULT_PROFILES="debug"
+DEFAULT_PROFILES="default"
EUREKA_SERVER_URL=http://discovery:8761/eureka
JDBCCONFIG_DBNAME=geoserver_config
JDBCCONFIG_URL=jdbc:postgresql://database:5432/${JDBCCONFIG_DBNAME}
diff --git a/run-trivy-image-scan.sh b/run-trivy-image-scan.sh
index c4380cbaf..b676c655a 100755
--- a/run-trivy-image-scan.sh
+++ b/run-trivy-image-scan.sh
@@ -7,19 +7,28 @@ v2=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo Comparing $v1 vs $v2...
echo Summary:
-for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1`
+repo=geoservercloud
+for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1|sed -e "s/$repo\///g"`
do
export image=$i
+ echo "----------------------------"
echo "* $image:"
- echo "\t\`$v1\`": $(trivy image --vuln-type library --no-progress $image:$v1 | grep Total)
- echo "\t\`$v2\`": $(trivy image --vuln-type library --no-progress $image:$v2 | grep Total)
+ echo "\t\`$v1\`: $(trivy image --scanners vuln --vuln-type library --no-progress $repo/$image:$v1 | grep Total)"
+ echo "\t\`$v2\`: $(trivy image --scanners vuln --vuln-type library --no-progress $repo/$image:$v2 | grep Total)"
done
-echo $v2 library vulnerabilities
-for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1`
+echo "$v2 library vulnerabilities"
+
+echo writing html reports to $PWD/target
+mkdir -p target
+for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1|sed -e "s/$repo\///g"`
do
export image=$i
- echo "--------------------------------------------------"
- echo "$image:"
- trivy image --vuln-type library --no-progress -s "HIGH,CRITICAL" $image:$v2 |grep -v INFO
+ export old=$image:$v1
+ export new=$image:$v2
+ trivy image --scanners vuln --vuln-type library --format template --template "@/usr/local/share/trivy/templates/html.tpl" -o target/$old.html $repo/$old
+ trivy image --scanners vuln --vuln-type library --format template --template "@/usr/local/share/trivy/templates/html.tpl" -o target/$new.html $repo/$new
done
+
+
+
diff --git a/src/pom.xml b/src/pom.xml
index f9b8f9795..f01e246c9 100644
--- a/src/pom.xml
+++ b/src/pom.xml
@@ -28,8 +28,10 @@
2.23-CLOUD
29-SNAPSHOT
1.0.1
-
-
+
+
4.1.41.Final
1.18.24
1.4.2.Final
@@ -40,19 +42,30 @@
change_me
${docker.image.prefix}/${docker.image.name}
-
+
true
false
true
- 2.20.73
+ 2.20.117
+
+
+
+ org.yaml
+ snakeyaml
+ 2.0
+
org.apache.logging.log4j
log4j-bom
@@ -62,19 +75,13 @@
-
+
com.fasterxml.jackson
jackson-bom
${jackson.version}
pom
import
-
-
- org.yaml
- snakeyaml
- 2.0
-
org.springframework.cloud
spring-cloud-dependencies
@@ -578,7 +585,8 @@
org.geoserver.importer
gs-importer-core
${gs.version}
-
+
org.geotools
@@ -659,13 +667,13 @@
-
+
software.amazon.awssdk
s3
${aws.version}
-
+
software.amazon.awssdk
auth
${aws.version}
@@ -909,10 +917,10 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.0.0
+ 3.3.0
- enforce-maven-and-java
+ enforce
enforce
@@ -924,6 +932,9 @@
[3.6.3,)
+
+ test
+
@@ -950,4 +961,249 @@
+
+
+
+
+ dependencyConvergence
+
+ true
+
+
+
+
+ org.locationtech.jts
+ jts-core
+ 1.19.0
+
+
+ com.google.guava
+ guava
+ 32.1.1-jre
+
+
+ commons-beanutils
+ commons-beanutils
+ 1.9.4
+
+
+ commons-collections
+ commons-collections
+ 3.2.2
+
+
+ commons-lang
+ commons-lang
+ 2.6
+
+
+ commons-logging
+ commons-logging
+ 1.2
+
+
+ commons-io
+ commons-io
+ 2.12.0
+
+
+ org.apache.commons
+ commons-text
+ 1.10.0
+
+
+ org.codehaus.jettison
+ jettison
+ 1.5.4
+
+
+ javax.measure
+ unit-api
+ 2.1.3
+
+
+ com.google.code.findbugs
+ findbugs
+ 3.0.1
+
+
+ com.google.code.findbugs
+ jsr305
+ 3.0.2
+
+
+ org.checkerframework
+ checker-qual
+ 3.33.0
+
+
+ com.google.errorprone
+ error_prone_annotations
+ 2.18.0
+
+
+ com.google.j2objc
+ j2objc-annotations
+ 2.8
+
+
+ org.apache.wicket
+ wicket-core
+ 7.18.0
+
+
+ com.thoughtworks.xstream
+ xstream
+ 1.4.20
+
+
+ com.fasterxml.woodstox
+ woodstox-core
+ 6.5.1
+
+
+ com.netflix.servo
+ servo-core
+ 0.12.21
+
+
+ com.sun.jersey
+ jersey-core
+ 1.19.4
+
+
+ com.sun.jersey
+ jersey-client
+ 1.19.4
+
+
+ com.sun.jersey
+ jersey-server
+ 1.19.4
+
+
+ joda-time
+ joda-time
+ 2.10.13
+
+
+ org.ow2.asm
+ asm
+ 9.5
+
+
+ com.google.protobuf
+ protobuf-java
+ 3.19.4
+
+
+ io.netty
+ netty-buffer
+ 4.1.94.Final
+
+
+ io.netty
+ netty-codec
+ 4.1.94.Final
+
+
+ io.netty
+ netty-codec-http
+ 4.1.94.Final
+
+
+ io.netty
+ netty-codec-http2
+ 4.1.94.Final
+
+
+ io.netty
+ netty-codec-socks
+ 4.1.94.Final
+
+
+ io.netty
+ netty-common
+ 4.1.94.Final
+
+
+ io.netty
+ netty-handler
+ 4.1.94.Final
+
+
+ io.netty
+ netty-handler-proxy
+ 4.1.94.Final
+
+
+ io.netty
+ netty-resolver
+ 4.1.94.Final
+
+
+ io.netty
+ netty-transport
+ 4.1.94.Final
+
+
+ io.netty
+ netty-transport-native-unix-common
+ 4.1.94.Final
+
+
+
+
+
+ cve
+
+ true
+
+
+
+
+ com.amazonaws
+ aws-java-sdk-s3
+ 1.12.520
+
+
+ com.google.oauth-client
+ google-oauth-client
+ 1.34.1
+
+
+ com.google.http-client
+ google-http-client-gson
+ 1.42.0
+
+
+ com.google.protobuf
+ protobuf-java
+ 3.23.4
+
+
+ com.google.protobuf
+ protobuf-java-util
+ 3.23.4
+
+
+ org.hsqldb
+ hsqldb
+ 2.7.2
+
+
+ org.xerial
+ sqlite-jdbc
+ 3.42.0.0
+
+
+
+ com.squareup.okhttp3
+ okhttp
+ 4.10.0
+
+
+
+
+
diff --git a/src/starters/event-bus/pom.xml b/src/starters/event-bus/pom.xml
index dcfeeb29e..356b6f971 100644
--- a/src/starters/event-bus/pom.xml
+++ b/src/starters/event-bus/pom.xml
@@ -17,18 +17,6 @@
org.springframework.cloud
spring-cloud-starter-bus-amqp
-
-
- org.jsoup
-
- jsoup
-
-
-
-
- org.jsoup
- jsoup
- 1.14.3