Posted to users@maven.apache.org by Jim Sellers <ji...@gmail.com> on 2008/09/30 19:52:19 UTC

Enforcer configuration external to the pom

Hi all.

The problem that I am trying to solve is to identify what projects in our CI
server have given dependencies or inherit from a given corporate parent
pom.  For example, if we found a security problem with
com.example:myArtifact:1.2.3, then I'd like to be able to run a command to
easily find these.

I've looked at the enforcer plugin [1], but it seems like the only way to
use it is if you have the config internal to the pom [2].  I've tried a
command like "mvn enforcer:enforce
-Drules.bannedDependencies.excludes.exclude=struts:struts", but that does
not work (or I've got the properties wrong).

I've thought of using an XML parser, but that won't help if a banned lib is
pulled in transitively.  The only other way I've thought of doing this is
running dependency:tree on each pom and then grep'ing the output, but that's
a pretty clunky solution.

Does anyone have any suggestions on how to solve this?

Thanks for your time,
Jim

[1] http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
[2] http://markmail.org/message/7pvzqh5nsxsqm5z5
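
The dependency:tree-and-grep idea from the message above, taken one step further so that each hit also shows which dependency chain pulls the artifact in. This is an added example, not part of the original thread: the sample output and project names are constructed, the function names are hypothetical, and the pattern form follows the `struts:struts` and `com.example:myArtifact:1.2.3` coordinates in the message, with `*` wildcards as an addition.

```python
import re
from fnmatch import fnmatchcase

# One node of `mvn dependency:tree` console output: optional log prefix,
# 3-character indent groups, then groupId:artifactId:type[:classifier]:version[:scope].
NODE = re.compile(r"^(?:\[INFO\] )?((?:[| ]  |[+\\]- )*)([^\s:]+(?::[^\s:]+){3,5})(?:\s.*)?$")

def parse_tree(text):
    """Yield (depth, groupId, artifactId, version) for every node line."""
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # build banners, download messages, summary lines
        depth = len(m.group(1)) // 3
        f = m.group(2).split(":")
        # The root line has no scope field, so its version comes last.
        yield depth, f[0], f[1], (f[-1] if depth == 0 else f[-2])

def find_banned(text, banned):
    """Return the root-to-artifact path of every node matching `banned`,
    written groupId[:artifactId[:version]]; omitted parts match anything."""
    want = (banned.split(":") + ["*", "*"])[:3]
    stack, hits = [], []
    for depth, g, a, v in parse_tree(text):
        del stack[depth:]              # drop siblings and deeper nodes
        stack.append(f"{g}:{a}:{v}")
        if all(fnmatchcase(x, p) for x, p in zip((g, a, v), want)):
            hits.append(list(stack))
    return hits

def audit(trees, banned):
    """Map project name -> offending paths, for affected projects only."""
    found = {name: find_banned(text, banned) for name, text in trees.items()}
    return {name: paths for name, paths in found.items() if paths}

# Constructed sample output for two hypothetical CI projects (not from the thread).
TREES = {
    "webapp": r"""[INFO] com.example:webapp:war:1.0-SNAPSHOT
[INFO] +- com.example:myArtifact:jar:1.2.3:compile
[INFO] +- org.example:web-framework:jar:2.0:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.1:compile
[INFO] |  \- struts:struts:jar:1.2.9:compile
[INFO] \- junit:junit:jar:3.8.1:test
""",
    "batch": r"""[INFO] com.example:batch:jar:2.1
[INFO] \- commons-logging:commons-logging:jar:1.1:compile
""",
}

if __name__ == "__main__":
    for project, paths in audit(TREES, "struts:struts").items():
        for path in paths:
            print(project, "->", " > ".join(path))
```

In real use the text for each project would be the captured console output of `mvn dependency:tree` run in that project's workspace.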

Re: Enforcer configuration external to the pom

Posted by Brett Porter <br...@gmail.com>.
There is some plexus hocus-pocus for achieving this, though whether
adding that complexity to the enforcer plugin to achieve this is worth
it, I'm not so sure.

- Brett

2008/10/1 Brian E. Fox <br...@reply.infinity.nu>:
> It won't be possible to inject the rule config external to the pom,
> unless there's some plexus hocus-pocus I'm not aware of. You would be
> better off extending the rule to read from some property/xml file and
> leaving just the rule declaration in the pom.



-- 
Brett Porter
Blog: http://blogs.exist.com/bporter/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org


RE: Enforcer configuration external to the pom

Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
It won't be possible to inject the rule config external to the pom,
unless there's some plexus hocus-pocus I'm not aware of. You would be
better off extending the rule to read from some property/xml file and
leaving just the rule declaration in the pom.
