Maven: Unterschied zwischen den Versionen

Aus Wiki - Jochen Hammann
Zur Navigation springen Zur Suche springen
Zeile 4: Zeile 4:
= Plugins =
= Plugins =


== Security ==
== OWASP Dependency Track ==
 
=== OWASP Dependency Track ===


[https://owasp.org/www-project-dependency-track/ OWASP Dependency Track]
[https://owasp.org/www-project-dependency-track/ OWASP Dependency Track]
Zeile 12: Zeile 10:
<br/>
<br/>


==== CycloneDX Plugin ====
=== CycloneDX Plugin ===


[https://github.com/CycloneDX/cyclonedx-maven-plugin OWASP Dependency Track - CycloneDX Plugin]
[https://github.com/CycloneDX/cyclonedx-maven-plugin OWASP Dependency Track - CycloneDX Plugin]


===== Multi-Module Build =====
==== Multi-Module Build ====


<syntaxhighlight lang="xml">
<syntaxhighlight lang="xml">
Zeile 54: Zeile 52:
<br/>
<br/>


==== Upload Plugin ====
=== Upload Plugin ===


[https://github.com/pmckeown/dependency-track-maven-plugin OWASP Dependency Track - Upload Plugin]
[https://github.com/pmckeown/dependency-track-maven-plugin OWASP Dependency Track - Upload Plugin]
Zeile 87: Zeile 85:
<br/>
<br/>


=== OWASP Dependency Check ===
== OWASP Dependency Check ==


[https://owasp.org/www-project-dependency-check/ OWASP Dependency Check]
[https://owasp.org/www-project-dependency-check/ OWASP Dependency Check]


==== Multi-Module Build ====
=== Multi-Module Build ===


<syntaxhighlight lang="xml">
<syntaxhighlight lang="xml">
Zeile 124: Zeile 122:
<br/>
<br/>


=== Sonatype OSS Index ===
== Sonatype OSS Index ==


[https://sonatype.github.io/ossindex-maven/maven-plugin/ Sonatype OSS Index]
[https://sonatype.github.io/ossindex-maven/maven-plugin/ Sonatype OSS Index]


==== Multi-Module Build ====
=== Multi-Module Build ===


<syntaxhighlight lang="xml">
<syntaxhighlight lang="xml">
Zeile 163: Zeile 161:
     </configuration>
     </configuration>
     <inherited>false</inherited>
     <inherited>false</inherited>
</plugin>
</syntaxhighlight>
<br/>
== Echo Plugin ==
<syntaxhighlight lang="xml">
<!-- ++++++++++ [Echo Plugin] ++++++++++ -->
<plugin>
    <groupId>com.soebes.maven.plugins</groupId>
    <artifactId>echo-maven-plugin</artifactId>
    <version>0.4.0</version>
    <executions>
        <execution>
            <id>echo-first-time</id>
            <phase>validate</phase>
            <goals>
                <goal>echo</goal>
            </goals>
            <configuration>
                <echos>
                    <echo>Project Version: ${project.version}</echo>
                </echos>
            </configuration>
        </execution>
    </executions>
</plugin>
</syntaxhighlight>
<br/>
== Antrun Plugin ==
<syntaxhighlight lang="xml">
<!-- ++++++++++ [Ant Run Plugin] ++++++++++ -->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-antrun-plugin</artifactId>
    <version>3.0.0</version>
    <executions>
        <execution>
            <phase>validate</phase>
            <goals>
                <goal>run</goal>
            </goals>
            <configuration>
                <exportAntProperties>true</exportAntProperties>
                <target>
                    <condition property="projectVersion" value="develop" else="${project.version}">
                        <contains string="${project.version}" substring="-SNAPSHOT" />
                    </condition>
                    <echo message="${projectVersion}"/>
                </target>
            </configuration>
        </execution>
    </executions>
</plugin>
</plugin>
</syntaxhighlight>
</syntaxhighlight>


<br/>
<br/>

Version vom 28. Juli 2020, 15:30 Uhr


Plugins

OWASP Dependency Track

OWASP Dependency Track


CycloneDX Plugin

OWASP Dependency Track - CycloneDX Plugin

Multi-Module Build

<!-- ++++++++++ [OWASP Dependency Track - CycloneDX Plugin] ++++++++++ -->

<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom -->
<!-- CLI: mvn cyclonedx:makeBom -->
<!-- CLI: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -->
<!-- CLI: mvn cyclonedx:makeAggregateBom -->
<plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>1.6.4</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>makeAggregateBom</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <schemaVersion>1.1</schemaVersion>
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <includeCompileScope>true</includeCompileScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeSystemScope>true</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>true</includeLicenseText>
        <includeDependencyGraph>true</includeDependencyGraph>
    </configuration>
    <inherited>false</inherited>
</plugin>


Upload Plugin

OWASP Dependency Track - Upload Plugin 

<!-- ++++++++++ [OWASP Dependency Track - Upload Plugin] ++++++++++ -->

<!-- Caution: The dependency-track-maven-plugin must be specified after the cyclonedx-maven-plugin.
Because both plugins are processed in the phase 'verify'. -->

<!-- CLI: mvn dependency-track:upload-bom  -->
<plugin>
    <groupId>io.github.pmckeown</groupId>
    <artifactId>dependency-track-maven-plugin</artifactId>
    <version>0.8.1</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>upload-bom</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <dependencyTrackBaseUrl>http://...</dependencyTrackBaseUrl>
        <apiKey>${dependencytrack.apikey}</apiKey>
    </configuration>
    <inherited>false</inherited>
</plugin>


OWASP Dependency Check

OWASP Dependency Check

Multi-Module Build

<!-- ++++++++++ [OWASP Dependency Check Plugin] ++++++++++ -->

<!-- CLI: mvn org.owasp:dependency-check-maven:check -->
<!-- CLI: mvn dependency-check:check -->
<!-- CLI: mvn org.owasp:dependency-check-maven:aggregate -->
<!-- CLI: dependency-check:aggregate -->
<!-- Caution: This plugin configuration (aggregated and non-inherited) requires, that the project have been installed -->
<!--          (mvn install) at least once. Otherwise the OWASP Dependency Check creates a virtual dependency tree. -->
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>5.3.2</version>
    <configuration>
        <skipProvidedScope>false</skipProvidedScope>
        <skipRuntimeScope>false</skipRuntimeScope>
        <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>aggregate</goal>
            </goals>
        </execution>
    </executions>
    <inherited>false</inherited>
</plugin>


Sonatype OSS Index

Sonatype OSS Index

Multi-Module Build

<!-- ++++++++++ [Sonatype OSS Index Plugin] ++++++++++ -->

<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -->
<!-- CLI: mvn ossindex:audit -->
<!-- CLI: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate -->
<!-- CLI: mvn ossindex:audit-aggregate -->
<!-- Caution: This plugin configuration (aggregated and non-inherited) requires, that the project have been installed -->
<!--          (mvn install) at least once. Otherwise the OWASP Dependency Check creates a virtual dependency tree. -->
<plugin>
    <groupId>org.sonatype.ossindex.maven</groupId>
    <artifactId>ossindex-maven-plugin</artifactId>
    <version>3.1.0</version>
    <executions>
        <execution>
            <id>audit-dependencies</id>
            <phase>validate</phase>
            <goals>
                <goal>audit-aggregate</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <fail>false</fail>
        <excludeCoordinates>
            <exclude>
                <groupId>de.servicetrace.gxt</groupId>
                <artifactId>inspinia</artifactId>
                <version>1.1.0</version>
            </exclude>
        </excludeCoordinates>
    </configuration>
    <inherited>false</inherited>
</plugin>


Echo Plugin

<!-- ++++++++++ [Echo Plugin] ++++++++++ -->

<plugin>
    <groupId>com.soebes.maven.plugins</groupId>
    <artifactId>echo-maven-plugin</artifactId>
    <version>0.4.0</version>
    <executions>
        <execution>
            <id>echo-first-time</id>
            <phase>validate</phase>
            <goals>
                <goal>echo</goal>
            </goals>
            <configuration>
                <echos>
                    <echo>Project Version: ${project.version}</echo>
                </echos>
            </configuration>
        </execution>
    </executions>
</plugin>



Antrun Plugin

<!-- ++++++++++ [Ant Run Plugin] ++++++++++ -->

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-antrun-plugin</artifactId>
    <version>3.0.0</version>
    <executions>
        <execution>
            <phase>validate</phase>
            <goals>
                <goal>run</goal>
            </goals>
            <configuration>
                <exportAntProperties>true</exportAntProperties>
                <target>
                    <condition property="projectVersion" value="develop" else="${project.version}">
                        <contains string="${project.version}" substring="-SNAPSHOT" />
                    </condition>
                    <echo message="${projectVersion}"/>
                </target>
            </configuration>
        </execution>
    </executions>
</plugin>


Abgerufen von „https://wiki.fam-hammann.de/index.php?title=Maven&oldid=554