
To reduce the number of ONAP security vulnerabilities, ONAP uses the O-Parent project to provide centralized version management of common 3rd party Java libraries. This reduces the number of disparate versions of the same 3rd party package in use across ONAP, and reduces the attack surface correspondingly.

Managed 3rd Party Libraries

The current list of standard 3rd party library package versions can be seen here:

https://git.onap.org/oparent/tree/dependencies/pom.xml


How to use

Option 1: Inherit from O-Parent

The managed package versions are automatically imported into your project poms if you inherit from the latest version of oparent: O-Parent (oparent).  Most ONAP projects should implement this option.

Set the parent POM in your pom.xml as follows.  Be sure to use the current version of oparent as declared in the version manifest; see ONAP Version Manifest Maven Plugin.

<parent>
    <groupId>org.onap.oparent</groupId>
    <artifactId>oparent</artifactId>
    <version>1.2.0</version>
    <relativePath/>
</parent>


Option 2: Manually Import Dependency Versions

If your project has specific technical reasons that prevent it from inheriting from O-Parent (e.g. CCSDK), you can manually import the dependency versions. To do so:

Add the following dependency to the dependencyManagement section in your pom.xml.  Be sure to use the current version of oparent:dependencies as declared in the version manifest; see ONAP Version Manifest Maven Plugin.

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.onap.oparent</groupId>
        <artifactId>dependencies</artifactId>
        <version>1.2.0</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
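
An added example, not part of the ONAP page or the O-Parent project: a small Python audit that reports which of the two options a pom.xml uses and lists direct dependencies that still declare their own `<version>`, since an explicit version takes precedence over the managed one. The sample POM and its `com.example` coordinates are constructed; a flagged entry is only a candidate for review, because the script does not fetch the O-Parent list to confirm the library is managed there.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from any ONAP repository); com.example:* are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.onap.oparent</groupId>
        <artifactId>dependencies</artifactId>
        <version>1.2.0</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>lib-managed</artifactId>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>lib-pinned</artifactId>
      <version>9.9.9</version>
    </dependency>
  </dependencies>
</project>"""

OPARENT = "org.onap.oparent"

def _coords(el):
    """Return (groupId, artifactId, version, scope) with missing fields as ''."""
    return tuple((el.findtext(t) or "").strip() for t in ("groupId", "artifactId", "version", "scope"))

def audit_pom(pom_xml):
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]  # drop the POM namespace if present
    parent = root.find("parent")
    inherits = parent is not None and _coords(parent)[:2] == (OPARENT, "oparent")
    imports = any(
        (g, a, s) == (OPARENT, "dependencies", "import")
        for g, a, _, s in map(_coords, root.findall("dependencyManagement/dependencies/dependency")))
    # An explicit <version> on a direct dependency overrides the managed version.
    pinned = [f"{g}:{a}:{v}" for g, a, v, _ in map(_coords, root.findall("dependencies/dependency")) if v]
    return {"mode": "inherit" if inherits else "import" if imports else "none", "pinned": pinned}

if __name__ == "__main__":
    print(audit_pom(SAMPLE_POM))
```

A result with mode "none" means the POM uses neither option, and each entry in "pinned" should be compared against the managed list linked above.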