maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Long <>
Subject aggregation and dependency resolution
Date Thu, 05 Nov 2015 10:33:31 GMT
I have been struggling with creating an aggregate goal that successfully works
and I was hoping someone on this list could help. The plugin is
dependency-check-maven <
>; it performs identification (CPE <>) and
known vulnerability (CVE <>) reporting on dependencies
used by the project.

In order to perform CPE identification, the plugin needs maven to resolve each
modules’ dependencies. If we have a simple multi-module project:


If one defines the aggregate goal in the Parent, when the plugin
executes dependency
resolution (obviously) hasn’t executed on the child modules. As such, my
plugin is unable analyze the dependencies of the child modules.

I am currently using a hack, which turns out to be broken, that waits until the
plugin executes in the last module in the reactor and then builds the aggregate
report and over-writes the blank report that was generated when Parent was
processed. This “worked” in some cases, but fails for anything beyond
site:site. Running site:stage, due to execution order, would copy the blank
report into the staging directory prior to the correct report being

Does anyone have any suggestions for building an aggregate goal that requires
dependency resolution of all child modules? Is there a convenient API that
I am missing to trigger dependency resolution in child modeules?

Thanks in advance,


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message