Posted to dev@jena.apache.org by "Andy Seaborne (Jira)" <ji...@apache.org> on 2022/01/20 09:11:00 UTC

[jira] [Commented] (JENA-2223) Add ossindex-maven-plugin to the build.

    [ https://issues.apache.org/jira/browse/JENA-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479202#comment-17479202 ] 

Andy Seaborne commented on JENA-2223:
-------------------------------------

Having tried out this and other tools, the Dependabot security seems to cover everything ossindex-maven-plugin does (it is possible they get their raw data from the same root source).

> Add ossindex-maven-plugin to the build.
> ---------------------------------------
>
>                 Key: JENA-2223
>                 URL: https://issues.apache.org/jira/browse/JENA-2223
>             Project: Apache Jena
>          Issue Type: Task
>          Components: Build
>    Affects Versions: Jena 4.3.2
>            Reporter: Andy Seaborne
>            Priority: Minor
>
> https://sonatype.github.io/ossindex-maven/maven-plugin/
> We might add this to the build or to a profile.
> The downside is that there is already a lot of build output. Too much output means it is very easy to miss warnings so adding this (there are 47 modules) might hide warnings from other plugins. This plugin can be set to fail the build.
> {{mvn -q}} hides all but errors and maybe hides nested build information used by the release which comes out as {{[INFO] [WARNING]...}}
> Dependencies change infrequently. This could be set up in a profile and have a special Jenkins job.
> It can be run manually:
> {{mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -fn -f pom.xml}}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)