feat: Add maven Source analyzer (#5989)

Open regedit0726 opened this issue 7 months ago • 1 comments

Fixes Issue #5989

Description of Change

Add a Maven source code analyzer that supports Maven 3. Check whether Maven is installed and whether it is Maven 3 by executing the 'mvn -version' command. If Maven is not installed or is not Maven 3, the analyzer will not be enabled. Then execute the 'mvn help:effective-settings' command to obtain the Maven local repository path. Find the pom.xml in the source code directory, execute the 'mvn dependency:list' command on it, and analyze the result to obtain the local jar file paths of the dependencies. Further analysis of the dependencies can be done using ArchiveAnalyzer, JarAnalyzer, CentralAnalyzer, and other analyzers.

Have test cases been added to cover the new functionality?

yes

regedit0726 avatar Nov 13 '23 02:11 regedit0726
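
The resolution step outlined in the description above, as an added sketch that is not the PR's code: it maps `mvn dependency:list` output lines to jar paths under the local repository and drops any coordinate whose path normalizes outside that root. The class name, sample output lines and repository path are constructed for illustration.

```java
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical class name; not part of DependencyCheck or the PR.
public class MavenDependencyListSketch {
    // groupId:artifactId:type[:classifier]:version:scope, as printed by dependency:list.
    // system scope is left out: those jars live at a systemPath, not in the local repository.
    private static final Pattern COORD = Pattern.compile(
        "^\\[INFO\\]\\s+([\\w.\\-]+):([\\w.\\-]+):([\\w.\\-]+)(?::([\\w.\\-]+))?"
        + ":([\\w.\\-]+):(compile|provided|runtime|test)\\b");

    static List<Path> resolve(Path localRepo, List<String> mvnOutput) {
        Path root = localRepo.toAbsolutePath().normalize();
        List<Path> jars = new ArrayList<>();
        for (String line : mvnOutput) {
            Matcher m = COORD.matcher(line);
            if (!m.find()) continue;               // banner, warning or summary line
            String group = m.group(1), artifact = m.group(2), type = m.group(3);
            String classifier = m.group(4), version = m.group(5);
            // An empty groupId segment would turn into an absolute or malformed path.
            if (group.startsWith(".") || group.contains("..")) continue;
            // Assumption: file extension equals the type (true for jar, pom, war).
            String file = artifact + "-" + version
                + (classifier == null ? "" : "-" + classifier) + "." + type;
            Path jar = root.resolve(group.replace('.', '/'))
                .resolve(artifact).resolve(version).resolve(file).normalize();
            // Coordinates come from a pom.xml the scanner does not control:
            // keep only paths that still sit under the repository root.
            if (jar.startsWith(root)) jars.add(jar);
        }
        return jars;
    }

    public static void main(String[] args) {
        // Constructed sample output; the last line is a coordinate that would escape the root.
        List<String> sample = List.of(
            "[INFO] The following files have been resolved:",
            "[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile",
            "[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.100.Final:runtime",
            "[INFO]    a:..:jar:..:compile");
        // Prints the two real jar paths; the third coordinate is rejected.
        resolve(Path.of("/home/build/.m2/repository"), sample).forEach(System.out::println);
    }
}
```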

I think there is an interesting possibility with this - but this is not what I was trying to describe in the related issue. Due to timelines this PR may sit open for a bit before I can integrate this idea.

jeremylong avatar Nov 13 '23 10:11 jeremylong