maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Long <jeremy.l...@gmail.com>
Subject aggregation and dependency resolution
Date Thu, 05 Nov 2015 10:33:31 GMT
I have been struggling with creating an aggregate goal that successfully works
and I was hoping someone on this list could help. The plugin is
dependency-check-maven <
https://github.com/jeremylong/DependencyCheck/tree/master/dependency-check-maven
>; it performs identification (CPE <https://nvd.nist.gov/cpe.cfm>) and
known vulnerability (CVE <http://cve.mitre.org/>) reporting on dependencies
used by the project.

In order to perform CPE identification, the plugin needs maven to resolve each
modules’ dependencies. If we have a simple multi-module project:

Parent
-Child1
-Child2

If one defines the aggregate goal in the Parent, when the plugin
executes dependency
resolution (obviously) hasn’t executed on the child modules. As such, my
plugin is unable analyze the dependencies of the child modules.

I am currently using a hack, which turns out to be broken, that waits until the
plugin executes in the last module in the reactor and then builds the aggregate
report and over-writes the blank report that was generated when Parent was
processed. This “worked” in some cases, but fails for anything beyond
site:site. Running site:stage, due to execution order, would copy the blank
report into the staging directory prior to the correct report being
generated.

Does anyone have any suggestions for building an aggregate goal that requires
dependency resolution of all child modules? Is there a convenient API that
I am missing to trigger dependency resolution in child modeules?

Thanks in advance,

Jeremy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message