[EAGLE-1102] Integrate CVE maven plugin

Purpose

Purpose of this pull request is to integrate the CVE maven plugin for eagle to check security vulnerabilities in dependencies during build time. This will help to detect publicly disclosed vulnerabilities contained within eagle’s dependencies (and the dependencies of all child modules).

Usage

This plugin configuration is attached to the mvn verify phase. Therefore, this will run automatically when we perform a mvn clean verify. Once the mvn process is completed, the plugin will create a dependency-check-report.html report in target/ dir with the detect vulnerabilities.

In case if you need to skip this plugin, use owasp.check.skip=true property (i.e mvn clean verify -Dowasp.check.skip=true).

Remarks

Be sure to do all of the following to help us incorporate your contribution quickly and easily:

Make sure the PR title is formatted like: [EAGLE-<Jira issue #>] Description of pull request

Make sure tests pass via mvn clean verify. (Even better, enable

Travis-CI on your fork and ensure the whole test matrix passes).

Replace <Jira issue #> in the title with the actual Jira issue
```
number, if there is one.
```

If this contribution is large, please file an Apache

[Individual Contributor License Agreement](https://www.apache.org/licenses/icla.txt).

Author: Grainier grainier@wso2.com

Closes #1005 from grainier/EAGLE-1102.

Apache Eagle

The intelligent monitoring and alerting solution instantly analyzes big data platforms for security and performance

Apache® Eagle™ is an open source analytics solution for identifying security and performance issues instantly on big data platforms e.g. Apache Hadoop, Apache Spark, NoSQL etc. It analyzes data activities, yarn applications, jmx metrics, and daemon logs etc., provides state-of-the-art alert engine to identify security breach, performance issues and shows insights.

For more details, please visit https://eagle.apache.org

Documentation

You can find the latest Eagle documentation on https://eagle.apache.org. This README file only contains basic setup instructions.

Downloads

Latest Release
- eagle-0.5.0
Archived Releases

Getting Started

Prerequisites

JDK 8: Java Environment Version 1.8
Apache Maven: Project management and comprehension tool Version 3.x
NPM: Node package management tool Version 3.x

Building Eagle

Since version 0.5, Eagle is only built on JDK 8.

Eagle is built using Apache Maven. NPM should be installed (On MAC OS try “brew install node”). To build Eagle, run:

mvn clean package -DskipTests

After successfully building, you will find eagle binary tarball at:

eagle-assembly/target/eagle-${VERSION}-bin.tar.gz

Testing Eagle

mvn clean test

Developing Eagle

(Optional) Install/Start HDP Sandbox which provide an all-in-one virtual machine with most dependency services like Zookeeper, Kafka, HBase, etc and monitored hadoop components.
Import Eagle as maven project with popular IDE like IntelliJ IDEA
Start Eagle Server in debug mode by running (default http port: 9090, default smtp port: 5025)
```
  org.apache.eagle.server.ServerDebug
```
Which will start some helpful services for convenient development:
- Local Eagle Service on http://localhost:9090
- Local SMTP Service on localhost:5025 with REST API at http://localhost:9090/rest/mail
Start Eagle Apps with Eagle Web UI in LOCAL MODE.

Getting Help

Mail: The fastest way to get response from eagle community is to send email to the mail list dev@eagle.apache.org, and remember to subscribe our mail list via dev-subscribe@eagle.apache.org
Slack: Join Eagle community on Slack via https://apacheeagle.slack.com
JIRA: Report requirements, problems or bugs through apache jira system via https://issues.apache.org/jira/browse/EAGLE

FAQ

https://cwiki.apache.org/confluence/display/EAG/FAQ

Contributing

Please review the Contribution to Eagle Guide for information on how to get started contributing to the project.

License

Licensed under the Apache License, Version 2.0. More details, please refer to LICENSE file.