From 5ad50773d29f1266014904a461500b48e92baa76 Mon Sep 17 00:00:00 2001
From: Bruce Jin <jtyself@amazon.com>
Date: Fri, 12 Apr 2024 00:16:33 +0000
Subject: [PATCH] remove nd-cve scanning in aws

---
 NOTICE                                        | 12 +-----------
 .../register-aws/build-aws/buildspec.yaml     |  4 +---
 provider/register-aws/pom.xml                 | 19 -------------------
 3 files changed, 2 insertions(+), 33 deletions(-)

diff --git a/NOTICE b/NOTICE
index 504fdb07b..529bac35d 100644
--- a/NOTICE
+++ b/NOTICE
@@ -509,8 +509,6 @@ GPL-2.0-only
 ========================================================================
 The following software have components provided under the terms of this license:
 
-- Jakarta Expression Language API (from https://projects.eclipse.org/projects/ee4j.el)
-- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
 - JavaMail API jar (from https://repo1.maven.org/maven2/javax/mail/javax.mail-api)
 - tomcat-embed-core (from http://tomcat.apache.org/)
 
@@ -536,13 +534,6 @@ The following software have components provided under the terms of this license:
 - jersey-core-common (from https://repo1.maven.org/maven2/org/glassfish/jersey/core/jersey-common)
 - tomcat-embed-core (from http://tomcat.apache.org/)
 
-========================================================================
-GPL-3.0-only
-========================================================================
-The following software have components provided under the terms of this license:
-
-- Jakarta Expression Language API (from https://projects.eclipse.org/projects/ee4j.el)
-
 ========================================================================
 ISC
 ========================================================================
@@ -629,7 +620,7 @@ The following software have components provided under the terms of this license:
 - mockito-inline (from http://mockito.org, https://github.com/mockito/mockito)
 - mockito-junit-jupiter (from https://github.com/mockito/mockito)
 - msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
-- msal4j-persistence-extension (from https://github.com/AzureAD/microsoft-authentication-extensions-for-java)
+- msal4j-persistence-extension (from https://github.com/AzureAD/microsoft-authentication-extensions-for-java, https://github.com/AzureAD/microsoft-authentication-library-for-java)
 - qpid-proton-j-extensions (from https://github.com/Azure/qpid-proton-j-extensions)
 
 ========================================================================
@@ -680,7 +671,6 @@ gpl-2.0-classpath
 The following software have components provided under the terms of this license:
 
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
-- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
 - Jakarta Validation API (from https://beanvalidation.org)
 
 ========================================================================
diff --git a/provider/register-aws/build-aws/buildspec.yaml b/provider/register-aws/build-aws/buildspec.yaml
index 2c062c88c..7f13da0af 100644
--- a/provider/register-aws/build-aws/buildspec.yaml
+++ b/provider/register-aws/build-aws/buildspec.yaml
@@ -91,9 +91,7 @@ phases:
         python provider/register-aws/build-aws/build-info.py --branch ${CODEBUILD_SOURCE_VERSION} --commit ${CODEBUILD_RESOLVED_SOURCE_VERSION} \
           --buildid ${CODEBUILD_BUILD_ID} --buildnumber ${CODEBUILD_BUILD_NUMBER} --reponame ${REPO_NAME} --outdir ${OUTPUT_DIR} \
           --artifact ${ECR_IMAGE}
-  post_build:
-    commands:
-      - cp provider/register-aws/target/dependency-check-report.html ${OUTPUT_DIR}
+
 reports:
   SurefireReports: # CodeBuild will create a report group called "SurefireReports".
     files: #Store all of the files
diff --git a/provider/register-aws/pom.xml b/provider/register-aws/pom.xml
index 94bae2e1e..9318e8ca7 100644
--- a/provider/register-aws/pom.xml
+++ b/provider/register-aws/pom.xml
@@ -184,25 +184,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.owasp</groupId>
-                <artifactId>dependency-check-maven</artifactId>
-                <version>7.4.4</version>
-                <configuration>
-                    <!-- .Disable Net content-->
-                    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
-                    <nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
-                    <nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
-                    <failOnError>false</failOnError>
-                </configuration>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>check</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <plugin>
 	            <groupId>org.apache.maven.plugins</groupId>
 	            <artifactId>maven-surefire-plugin</artifactId>
-- 
GitLab