Maven: Unterschied zwischen den Versionen
Jochen (Diskussion | Beiträge) |
Jochen (Diskussion | Beiträge) |
||
| (10 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 4: | Zeile 4: | ||
= Plugins = | = Plugins = | ||
== OWASP Dependency Track == | |||
[https://owasp.org/www-project-dependency-track/ OWASP Dependency Track] | [https://owasp.org/www-project-dependency-track/ OWASP Dependency Track] | ||
| Zeile 12: | Zeile 10: | ||
<br/> | <br/> | ||
=== CycloneDX Plugin === | |||
[https://github.com/CycloneDX/cyclonedx-maven-plugin OWASP Dependency Track - CycloneDX Plugin] | [https://github.com/CycloneDX/cyclonedx-maven-plugin OWASP Dependency Track - CycloneDX Plugin] | ||
==== Single-Module Build ==== | |||
<syntaxhighlight lang="xml"> | |||
<!-- ++++++++++ [OWASP Dependency Track - CycloneDX Plugin] ++++++++++ --> | |||
<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom --> | |||
<!-- CLI: mvn cyclonedx:makeBom --> | |||
<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom --> | |||
<!-- CLI: mvn cyclonedx:makeAggregateBom --> | |||
<plugin> | |||
<groupId>org.cyclonedx</groupId> | |||
<artifactId>cyclonedx-maven-plugin</artifactId> | |||
<version>1.6.4</version> | |||
<executions> | |||
<execution> | |||
<phase>verify</phase> | |||
<goals> | |||
<goal>makeBom</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
<configuration> | |||
<schemaVersion>1.1</schemaVersion> | |||
<includeBomSerialNumber>true</includeBomSerialNumber> | |||
<includeCompileScope>true</includeCompileScope> | |||
<includeProvidedScope>true</includeProvidedScope> | |||
<includeRuntimeScope>true</includeRuntimeScope> | |||
<includeSystemScope>true</includeSystemScope> | |||
<includeTestScope>false</includeTestScope> | |||
<includeLicenseText>true</includeLicenseText> | |||
<includeDependencyGraph>true</includeDependencyGraph> | |||
</configuration> | |||
</plugin> | |||
</syntaxhighlight> | |||
<br/> | |||
==== Multi-Module Build ==== | |||
<syntaxhighlight lang="xml"> | <syntaxhighlight lang="xml"> | ||
| Zeile 52: | Zeile 89: | ||
<br/> | <br/> | ||
=== Upload Plugin === | |||
[https://github.com/pmckeown/dependency-track-maven-plugin OWASP Dependency Track - Upload Plugin] | |||
<syntaxhighlight lang="xml"> | <syntaxhighlight lang="xml"> | ||
| Zeile 85: | Zeile 122: | ||
<br/> | <br/> | ||
== OWASP Dependency Check == | |||
[https://owasp.org/www-project-dependency-check/ OWASP Dependency Check] | |||
=== Signle-Module Build === | |||
<syntaxhighlight lang="xml"> | <syntaxhighlight lang="xml"> | ||
| Zeile 93: | Zeile 132: | ||
<!-- CLI: mvn org.owasp:dependency-check-maven:check --> | <!-- CLI: mvn org.owasp:dependency-check-maven:check --> | ||
<!-- CLI: mvn dependency-check:check --> | |||
<!-- CLI: mvn org.owasp:dependency-check-maven:aggregate --> | <!-- CLI: mvn org.owasp:dependency-check-maven:aggregate --> | ||
<!-- CLI: dependency-check:aggregate --> | |||
<plugin> | |||
<groupId>org.owasp</groupId> | |||
<artifactId>dependency-check-maven</artifactId> | |||
<version>5.3.2</version> | |||
<configuration> | |||
<skipProvidedScope>false</skipProvidedScope> | |||
<skipRuntimeScope>false</skipRuntimeScope> | |||
<retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled> | |||
</configuration> | |||
<executions> | |||
<execution> | |||
<goals> | |||
<goal>check</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</syntaxhighlight> | |||
<br/> | |||
=== Multi-Module Build === | |||
<syntaxhighlight lang="xml"> | |||
<!-- ++++++++++ [OWASP Dependency Check Plugin] ++++++++++ --> | |||
<!-- CLI: mvn org.owasp:dependency-check-maven:check --> | |||
<!-- CLI: mvn dependency-check:check --> | |||
<!-- CLI: mvn org.owasp:dependency-check-maven:aggregate --> | |||
<!-- CLI: dependency-check:aggregate --> | |||
<!-- Caution: This plugin configuration (aggregated and not inherited) requires, that the project have been installed --> | |||
<!-- (mvn install) at least once. Otherwise the OWASP Dependency Check creates a virtual dependency tree. --> | |||
<plugin> | <plugin> | ||
<groupId>org.owasp</groupId> | <groupId>org.owasp</groupId> | ||
| Zeile 116: | Zeile 189: | ||
<br/> | <br/> | ||
== Sonatype OSS Index == | |||
[https://sonatype.github.io/ossindex-maven/maven-plugin/ Sonatype OSS Index] | |||
=== Single-Module Build === | |||
<syntaxhighlight lang="xml"> | <syntaxhighlight lang="xml"> | ||
<!-- ++++++++++ [Sonatype OSS Index] ++++++++++ --> | <!-- ++++++++++ [Sonatype OSS Index Plugin] ++++++++++ --> | ||
<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit --> | <!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit --> | ||
| Zeile 130: | Zeile 205: | ||
<groupId>org.sonatype.ossindex.maven</groupId> | <groupId>org.sonatype.ossindex.maven</groupId> | ||
<artifactId>ossindex-maven-plugin</artifactId> | <artifactId>ossindex-maven-plugin</artifactId> | ||
<version>3.1.0</version> | |||
<executions> | |||
<execution> | |||
<id>audit-dependencies</id> | |||
<phase>validate</phase> | |||
<goals> | |||
<goal>audit</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
<configuration> | |||
<fail>false</fail> | |||
</configuration> | |||
</plugin> | |||
</syntaxhighlight> | |||
<br/> | |||
=== Multi-Module Build === | |||
<syntaxhighlight lang="xml"> | |||
<!-- ++++++++++ [Sonatype OSS Index Plugin] ++++++++++ --> | |||
<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit --> | |||
<!-- CLI: mvn ossindex:audit --> | |||
<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate --> | |||
<!-- CLI: mvn ossindex:audit-aggregate --> | |||
<!-- Caution: This plugin configuration (aggregated and non-inherited) requires, that the project have been installed --> | |||
<!-- (mvn install) at least once. Otherwise the OWASP Dependency Check creates a virtual dependency tree. --> | |||
<plugin> | |||
<groupId>org.sonatype.ossindex.maven</groupId> | |||
<artifactId>ossindex-maven-plugin</artifactId> | |||
<version>3.1.0</version> | |||
<executions> | <executions> | ||
<execution> | <execution> | ||
| Zeile 139: | Zeile 247: | ||
</execution> | </execution> | ||
</executions> | </executions> | ||
<configuration> | |||
<fail>false</fail> | |||
</configuration> | |||
<inherited>false</inherited> | <inherited>false</inherited> | ||
</plugin> | |||
</syntaxhighlight> | |||
<br/> | |||
== Echo Plugin == | |||
<syntaxhighlight lang="xml"> | |||
<!-- ++++++++++ [Echo Plugin] ++++++++++ --> | |||
<plugin> | |||
<groupId>com.soebes.maven.plugins</groupId> | |||
<artifactId>echo-maven-plugin</artifactId> | |||
<version>0.4.0</version> | |||
<executions> | |||
<execution> | |||
<id>echo-first-time</id> | |||
<phase>validate</phase> | |||
<goals> | |||
<goal>echo</goal> | |||
</goals> | |||
<configuration> | |||
<echos> | |||
<echo>Project Version: ${project.version}</echo> | |||
</echos> | |||
</configuration> | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</syntaxhighlight> | |||
<br/> | |||
== Antrun Plugin == | |||
<syntaxhighlight lang="xml"> | |||
<!-- ++++++++++ [Ant Run Plugin] ++++++++++ --> | |||
<plugin> | |||
<groupId>org.apache.maven.plugins</groupId> | |||
<artifactId>maven-antrun-plugin</artifactId> | |||
<version>3.0.0</version> | |||
<executions> | |||
<execution> | |||
<phase>validate</phase> | |||
<goals> | |||
<goal>run</goal> | |||
</goals> | |||
<configuration> | |||
<exportAntProperties>true</exportAntProperties> | |||
<target> | |||
<condition property="projectVersion" value="develop" else="${project.version}"> | |||
<contains string="${project.version}" substring="-SNAPSHOT" /> | |||
</condition> | |||
<echo message="${projectVersion}"/> | |||
</target> | |||
</configuration> | |||
</execution> | |||
</executions> | |||
</plugin> | </plugin> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<br/> | <br/> | ||
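Review bot: Both vulnerability scanners documented in this revision are configured as report-only: the Sonatype OSS Index blocks set `<fail>false</fail>`, and the OWASP Dependency Check blocks set no `failBuildOnCVSS`, so with the plugin default a finding should never break the build. If the snippets are meant to be copied into a CI gate, each block should say so, e.g. `<!-- report-only: findings do not fail the build -->`, or the gate should be enabled with `<fail>true</fail>` and an agreed threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (sample value). The heading `=== Signle-Module Build ===` under OWASP Dependency Check is also misspelled and should read `=== Single-Module Build ===`.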
Aktuelle Version vom 17. September 2020, 08:18 Uhr
Plugins
OWASP Dependency Track
CycloneDX Plugin
OWASP Dependency Track - CycloneDX Plugin
Single-Module Build
<!-- ========== [OWASP Dependency Track - CycloneDX Plugin], single-module build ========== -->
<!-- Writes a CycloneDX bill of materials (BOM) for this module during 'verify'.
     CLI:
       mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom
       mvn cyclonedx:makeBom
       mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
       mvn cyclonedx:makeAggregateBom -->
<plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>1.6.4</version>
    <configuration>
        <!-- CycloneDX schema version the BOM is written in. -->
        <schemaVersion>1.1</schemaVersion>
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <!-- Dependency scopes listed in the BOM. Test scope is switched off, so
             test-only dependencies never reach the BOM and are not tracked downstream. -->
        <includeCompileScope>true</includeCompileScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeSystemScope>true</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>true</includeLicenseText>
        <includeDependencyGraph>true</includeDependencyGraph>
    </configuration>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <!-- Per-module BOM; the multi-module variant uses makeAggregateBom instead. -->
                <goal>makeBom</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Multi-Module Build
<!-- ========== [OWASP Dependency Track - CycloneDX Plugin], multi-module build ========== -->
<!-- Writes one aggregated CycloneDX bill of materials (BOM) during 'verify'.
     CLI:
       mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom
       mvn cyclonedx:makeBom
       mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
       mvn cyclonedx:makeAggregateBom -->
<plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>1.6.4</version>
    <!-- Not inherited: the plugin is configured in this POM only, not in child modules. -->
    <inherited>false</inherited>
    <configuration>
        <!-- CycloneDX schema version the BOM is written in. -->
        <schemaVersion>1.1</schemaVersion>
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <!-- Dependency scopes listed in the BOM. Test scope is switched off, so
             test-only dependencies never reach the BOM and are not tracked downstream. -->
        <includeCompileScope>true</includeCompileScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeSystemScope>true</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>true</includeLicenseText>
        <includeDependencyGraph>true</includeDependencyGraph>
    </configuration>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <!-- Aggregating goal; the single-module variant uses makeBom instead. -->
                <goal>makeAggregateBom</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Upload Plugin
OWASP Dependency Track - Upload Plugin
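<!-- ++++++++++ [OWASP Dependency Track - Upload Plugin] ++++++++++ -->
<!-- Caution: The dependency-track-maven-plugin must be declared after the cyclonedx-maven-plugin,
     because both plugins are bound to the phase 'verify' and Maven runs executions of the
     same phase in POM order. -->
<!-- CLI: mvn dependency-track:upload-bom -->
<plugin>
    <groupId>io.github.pmckeown</groupId>
    <artifactId>dependency-track-maven-plugin</artifactId>
    <version>0.8.1</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>upload-bom</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Placeholder: put the Dependency-Track server URL here. Use an https:// URL;
             the API key below is sent to this server, and plain http would expose it
             on the network. -->
        <dependencyTrackBaseUrl>https://...</dependencyTrackBaseUrl>
        <!-- The key is resolved from the property dependencytrack.apikey. Define that property
             outside the POM (for example in settings.xml or as a CI secret) so the key is
             never committed to version control. -->
        <apiKey>${dependencytrack.apikey}</apiKey>
    </configuration>
    <!-- Not inherited: the upload is configured in this POM only, not in child modules. -->
    <inherited>false</inherited>
</plugin>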
OWASP Dependency Check
Single-Module Build
<!-- ========== [OWASP Dependency Check Plugin], single-module build ========== -->
<!-- CLI:
       mvn org.owasp:dependency-check-maven:check
       mvn dependency-check:check
       mvn org.owasp:dependency-check-maven:aggregate
       mvn dependency-check:aggregate -->
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>5.3.2</version>
    <executions>
        <execution>
            <!-- No phase is given, so the goal's own default phase binding applies. -->
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Provided- and runtime-scoped dependencies are not skipped, i.e. they are analysed. -->
        <skipProvidedScope>false</skipProvidedScope>
        <skipRuntimeScope>false</skipRuntimeScope>
        <!-- The RetireJS analyzer is switched off; JavaScript libraries are not checked by it. -->
        <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
        <!-- NOTE(review): failBuildOnCVSS is not set, so findings are only reported and
             do not fail the build. Set a threshold if this is meant to gate a pipeline. -->
    </configuration>
</plugin>
Multi-Module Build
<!-- ========== [OWASP Dependency Check Plugin], multi-module build ========== -->
<!-- CLI:
       mvn org.owasp:dependency-check-maven:check
       mvn dependency-check:check
       mvn org.owasp:dependency-check-maven:aggregate
       mvn dependency-check:aggregate -->
<!-- Caution: This plugin configuration (aggregated and not inherited) requires that the project
     has been installed (mvn install) at least once. Otherwise the OWASP Dependency Check
     creates a virtual dependency tree. -->
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>5.3.2</version>
    <!-- Not inherited: the plugin is configured in this POM only, not in child modules. -->
    <inherited>false</inherited>
    <executions>
        <execution>
            <!-- No phase is given, so the goal's own default phase binding applies. -->
            <goals>
                <goal>aggregate</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Provided- and runtime-scoped dependencies are not skipped, i.e. they are analysed. -->
        <skipProvidedScope>false</skipProvidedScope>
        <skipRuntimeScope>false</skipRuntimeScope>
        <!-- The RetireJS analyzer is switched off; JavaScript libraries are not checked by it. -->
        <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
        <!-- NOTE(review): failBuildOnCVSS is not set, so findings are only reported and
             do not fail the build. Set a threshold if this is meant to gate a pipeline. -->
    </configuration>
</plugin>
Sonatype OSS Index
Single-Module Build
<!-- ========== [Sonatype OSS Index Plugin], single-module build ========== -->
<!-- CLI:
       mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit
       mvn ossindex:audit
       mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate
       mvn ossindex:audit-aggregate -->
<plugin>
    <groupId>org.sonatype.ossindex.maven</groupId>
    <artifactId>ossindex-maven-plugin</artifactId>
    <version>3.1.0</version>
    <configuration>
        <!-- Report-only: with fail=false vulnerable dependencies are listed, but the
             build is not failed. The output has to be evaluated separately if this
             audit is meant to gate a pipeline. -->
        <fail>false</fail>
    </configuration>
    <executions>
        <execution>
            <id>audit-dependencies</id>
            <!-- Runs in 'validate', the first phase of the default lifecycle. -->
            <phase>validate</phase>
            <goals>
                <goal>audit</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Multi-Module Build
<!-- ========== [Sonatype OSS Index Plugin], multi-module build ========== -->
<!-- CLI:
       mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit
       mvn ossindex:audit
       mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate
       mvn ossindex:audit-aggregate -->
<!-- Caution: This plugin configuration (aggregated and non-inherited) requires that the project
     has been installed (mvn install) at least once. Otherwise the OWASP Dependency Check
     creates a virtual dependency tree. -->
<!-- NOTE(review): the caution names OWASP Dependency Check although this block configures
     the OSS Index plugin; presumably carried over from the Dependency Check section. Confirm. -->
<plugin>
    <groupId>org.sonatype.ossindex.maven</groupId>
    <artifactId>ossindex-maven-plugin</artifactId>
    <version>3.1.0</version>
    <!-- Not inherited: the plugin is configured in this POM only, not in child modules. -->
    <inherited>false</inherited>
    <configuration>
        <!-- Report-only: with fail=false vulnerable dependencies are listed, but the
             build is not failed. The output has to be evaluated separately if this
             audit is meant to gate a pipeline. -->
        <fail>false</fail>
    </configuration>
    <executions>
        <execution>
            <id>audit-dependencies</id>
            <!-- Runs in 'validate', the first phase of the default lifecycle. -->
            <phase>validate</phase>
            <goals>
                <goal>audit-aggregate</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Echo Plugin
<!-- ========== [Echo Plugin] ========== -->
<!-- Prints the project version to the build output during the 'validate' phase. -->
<plugin>
    <groupId>com.soebes.maven.plugins</groupId>
    <artifactId>echo-maven-plugin</artifactId>
    <version>0.4.0</version>
    <executions>
        <execution>
            <id>echo-first-time</id>
            <phase>validate</phase>
            <configuration>
                <echos>
                    <!-- One line of output; ${project.version} is resolved by Maven. -->
                    <echo>Project Version: ${project.version}</echo>
                </echos>
            </configuration>
            <goals>
                <goal>echo</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Antrun Plugin
<!-- ========== [Ant Run Plugin] ========== -->
<!-- Derives the property 'projectVersion' from the project version during 'validate'
     and prints it. -->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-antrun-plugin</artifactId>
    <version>3.0.0</version>
    <executions>
        <execution>
            <phase>validate</phase>
            <configuration>
                <target>
                    <!-- projectVersion is "develop" when the version contains "-SNAPSHOT",
                         otherwise it is the project version itself. -->
                    <condition property="projectVersion"
                               value="develop"
                               else="${project.version}">
                        <contains string="${project.version}" substring="-SNAPSHOT" />
                    </condition>
                    <echo message="${projectVersion}"/>
                </target>
                <!-- Hands the properties set by the Ant target back to Maven. -->
                <exportAntProperties>true</exportAntProperties>
            </configuration>
            <goals>
                <goal>run</goal>
            </goals>
        </execution>
    </executions>
</plugin>