depgraph-maven-plugin

targetIncludes from ossindex report

Open delanym opened this issue 3 years ago • 2 comments

I use the ossindex-maven-plugin to produce a report of dependencies with vulnerabilities. I run

xpath -q -e '/componentReportExport/vulnerable/entry/key/text()' target/ossindex-audit.xml

over the output to get a list of insecure dependencies. Now I want to take that list and produce a graph using targetIncludes, but the form of the coordinates is quite different:

depgraph-maven-plugin: groupId:artifactId:type:classifier
ossindex-maven-plugin: groupId:artifactId:type:version:scope

It would be useful to specify the version. Do you have any suggestions?

delanym, Mar 30 '22 10:03

The plugin uses Maven's default notation for single-line artifact IDs and the standard filtering mechanisms. I just took a look at the implementation and possibly you can use a version after the :classifier. Could you try this? In case you don't have a classifier, you can leave it empty like groupId:artifactId:type::version. It looks like you can't omit the type but you can simply use jar for it.

If this works, I'll change the documentation accordingly.

ferstl, Mar 30 '22 21:03

It works with groupId:artifactId:type:version and not groupId:artifactId:type::version

delanym, Mar 30 '22 22:03
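
Added example, not part of the thread and not code from either plugin: one way to turn the keys of target/ossindex-audit.xml into a targetIncludes value in the groupId:artifactId:type:version form reported to work above. It assumes every key has the five-field form quoted in the issue and that targetIncludes takes a comma-separated list; the sample report and its coordinates are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped after the XPath used in the issue:
# /componentReportExport/vulnerable/entry/key
SAMPLE_REPORT = """<componentReportExport>
  <vulnerable>
    <entry><key>org.example:lib-a:jar:1.2.3:compile</key><value/></entry>
    <entry><key>org.example:lib-b:jar:0.9:runtime</key><value/></entry>
    <entry><key>org.example:lib-a:jar:1.2.3:test</key><value/></entry>
  </vulnerable>
</componentReportExport>"""

# The result ends up on a command line, so only plain coordinate
# characters are accepted (no commas, spaces or shell metacharacters).
FIELD = re.compile(r"[A-Za-z0-9_.\-]+")


def to_depgraph_filter(coordinate):
    """groupId:artifactId:type:version:scope -> groupId:artifactId:type:version"""
    parts = coordinate.strip().split(":")
    if len(parts) != 5 or not all(FIELD.fullmatch(p) for p in parts):
        raise ValueError(f"unexpected coordinate: {coordinate!r}")
    return ":".join(parts[:4])  # drop the trailing scope


def target_includes(report_xml):
    """Return a comma-separated, de-duplicated targetIncludes value."""
    root = ET.fromstring(report_xml)
    if root.tag != "componentReportExport":
        raise ValueError(f"not an ossindex export: <{root.tag}>")
    filters = []
    for key in root.findall("./vulnerable/entry/key"):
        item = to_depgraph_filter(key.text or "")
        if item not in filters:  # same artifact may appear in several scopes
            filters.append(item)
    return ",".join(filters)


if __name__ == "__main__":
    # Hypothetical usage: pass the printed property to the depgraph goal.
    print("-DtargetIncludes=" + target_includes(SAMPLE_REPORT))
```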