shanehughes/spring-rest

Spring Rest - A RESTful API written in Spring Boot

This is a simple app using Spring Boot as part of Red Hat OpenShift Application Runtimes.

Usage to Run Locally

1. git clone
2. mvn spring-boot:run

OpenAPI (formerly known as Swagger) Support

The app uses Spring Fox to generate an OpenAPI spec. You can view the spec at /swagger.json or Swagger UI at /swagger-ui.html.

Added Plugins for Quality and Security

1. SonarQube Scanner Plugin. NOTE: This plugin is a client and needs to connect to a running sonar server.

   • Usage:
     • mvn sonar:sonar to execute.
     • Plugin is currently not tied to the standard maven lifecyle.
   • To help execute the scan in Jenkins pipelines, the sonarqubeStaticAnalysis() function from the pipeline-library will execute the goal in your build process.
   • SonarQube plugin docs

2. Jacoco Maven Plugin

   • Usage:
     • mvn package to execute in standard maven lifecycle
     • mvn jacoco:report to execute the plugin standalone
   • Code coverage reports will then be found in target/site.
   • Jacoco plugin docs

3. OWASP Dependency Check

   • Usage:
     • mvn verify to execute in standard maven lifecycle
     • mvn dependency-check:check to execute the plugin standalone
   • The dependency-check plugin will check dependencies for vulnerabilities against the National Vulnerability Database hosted by NIST and fail should there be any dependency with a CVSS score greater or equal to that specified in the pom file.
   • Maven plugin docs
   • OWASP Dependency Check docs
   • Continuous security and OWASP Dependency Check blog