DependencyCheck
feat: Add maven Source analyzer (#5989)
Fixes Issue #5989
Description of Change
Add a Maven source code analyzer; it supports Maven 3. Check whether Maven is installed and whether it is Maven 3 by executing the 'mvn -version' command. If Maven is not installed or is not Maven 3, the analyzer will not be enabled. Then execute the 'mvn help:effective-settings' command to obtain the Maven local repository path. Find the pom.xml in the source code directory, execute the 'mvn dependency:list' command on it, and analyze the result to obtain the local jar file paths of the dependencies. Further analysis of the dependencies can be done using ArchiveAnalyzer, JarAnalyzer, CentralAnalyzer, and other analyzers.
Have test cases been added to cover the new functionality?
yes
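The step that turns 'mvn dependency:list' output into local jar paths can be sketched as follows; this is an added example, not code from this PR or from DependencyCheck. The class name `DependencyListPaths`, the sample output lines and the repository path are constructed, and the artifact type is assumed to equal the file extension.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DependencyListPaths {
    private static final String ID = "(\\w[\\w.-]*)"; // one coordinate field, cannot be "." or ".."
    // group:artifact:type[:classifier]:version:scope, optionally followed by " -- module ..."
    private static final Pattern DEP = Pattern.compile("^\\[INFO\\]\\s+" + ID + ":" + ID + ":" + ID
            + "(?::" + ID + ")?:" + ID + ":(compile|runtime|test|provided|system)(\\s.*)?$");

    /** Maps 'mvn dependency:list' output lines to files under the local repository. */
    static List<Path> resolve(List<String> mvnOutput, Path localRepo) {
        Path root = localRepo.toAbsolutePath().normalize();
        List<Path> files = new ArrayList<>();
        for (String line : mvnOutput) {
            Matcher m = DEP.matcher(line);
            if (!m.matches()) {
                continue; // banner, summary or malformed coordinate line
            }
            String classifier = m.group(4) == null ? "" : "-" + m.group(4);
            // Assumption: artifact type equals the file extension (holds for "jar")
            String name = m.group(2) + "-" + m.group(5) + classifier + "." + m.group(3);
            Path file = root.resolve(m.group(1).replace('.', '/')).resolve(m.group(2))
                    .resolve(m.group(5)).resolve(name).normalize();
            // Coordinates originate from the scanned project: stay inside the repository
            if (file.startsWith(root)) {
                files.add(file);
            }
        }
        return files;
    }

    public static void main(String[] args) {
        // Constructed sample output; the repository path is a placeholder
        List<String> out = Arrays.asList(
            "[INFO] The following files have been resolved:",
            "[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile",
            "[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile -- module org.slf4j",
            "[INFO]    com.example:demo-lib:jar:tests:1.0:test",
            "[INFO]    ..:..:jar:1.0:compile",
            "[INFO] BUILD SUCCESS");
        resolve(out, Paths.get("/home/user/.m2/repository")).forEach(System.out::println);
    }
}
```

Because the coordinates come from the project being scanned, the parser rejects fields that could act as path segments such as ".." and re-checks that each normalized path stays under the local repository before handing it to other analyzers.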
I think there is an interesting possibility with this - but this is not what I was trying to describe in the related issue. Due to timelines this PR may sit open for a bit before I can integrate this idea.