Your Custom Rulepack

If your project does not follow the standard Maven build process, the Maven RulePack’s default behaviour will not accurately model your source code dependencies.

To address the unique characteristics of your build process, WhiteHat will propose customization to our Maven rulepack:

  • All discovered pom.xml files will be inspected for specified modules.

  • Modules will be compiled locally using a custom command, allowing us to build snapshots and accurately fetch dependencies. For Kaiser, this will command is: mvn –s /path/to/settings.xml –U –DskipTests clean install

  • Sentinel Source does not require successful module compilation. However, if the structure of your build process requires successful compilation of submodules for correct dependency resolution, a compilation error will result in inadequate coverage for references to that module and its dependencies.

As an alternative to having WhiteHat Security create a bespoke RulePack suited to your build system’s specific characteristics, you can try the following workarounds:

  • Do not allow snapshot versioning in the branch of projects or modules intended for WhiteHat Scanning.

  • Store snapshots in the internal Maven artifactory.

  • Utilize the Jenkins plugin to bypass the need for Maven dependency resolution.