When evaluating a Maven-based software project, Sonatype CLM for Maven can take
advantage of the dependency information contained in the project's pom.xml
files and the information about transitive dependencies available to Maven.
The index goal of Sonatype CLM for Maven allows you to identify component
dependencies and makes this information available to Sonatype CLM CI tools (e.g.
Sonatype CLM for Hudson/Jenkins or Bamboo). You can run the index goal manually
by adding it to your command line invocation after the package phase:
mvn clean install com.sonatype.clm:clm-maven-plugin:index
Alternatively, you can configure the execution in the build section of the
pom.xml file or in the build section of a profile.
<build>
  <plugins>
    <plugin>
      <groupId>com.sonatype.clm</groupId>
      <artifactId>clm-maven-plugin</artifactId>
      <version>2.5.2-01</version>
      <executions>
        <execution>
          <goals>
            <goal>index</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
With the above configuration, a normal Maven build execution with e.g. mvn clean
install will trigger the CLM plugin to be executed in the package phase and
result in a log output similar to:
[INFO] --- clm-maven-plugin:2.5.2-01:index (default) @ test-app ---
[INFO] Saved module information to /opt/test-app/target/sonatype-clm/module.xml
If you want to manually configure the lifecycle phase to execute the plugin, you
have to choose a phase after package.
The generated module.xml file contains the information that will be picked up
by Sonatype CLM for CI and incorporated into the CLM evaluation. This improves
the analysis since Sonatype CLM for Maven is able to create a complete
dependency list rather than relying on binary build artifacts.
By default only dependencies in the |
When using the Sonatype CLM Maven plugin and the index goal, module
information files are created. If desired, you can exclude some of the modules
from being evaluated. For example, you may want to exclude modules that support
your tests and don't contribute to the distributed application binary.
The default location where the module information files are stored is
${project.build.directory}/sonatype-clm/module.xml.
In the supported CI tool, you will see a section labeled Module Excludes. In
this area, use a comma-separated list of Apache Ant styled patterns
relative to the workspace root that denote the module information files
(**/sonatype-clm/module.xml) to be ignored.
Here’s an example of the pattern described above:
**/my-module/target/**, **/another-module/target/**
If unspecified, all modules will contribute dependency information (if any) to the evaluation.
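Because an excluded module contributes no dependency information to the evaluation, it helps to check which module information files a Module Excludes value would actually drop. The following added example (not part of the Sonatype documentation or product) applies a simplified approximation of Ant-style matching to workspace-relative paths; the function names and sample paths are constructed for illustration, and the CI tool's own matcher is assumed to follow standard Ant semantics.

```python
import re

def ant_to_regex(pattern):
    """Compile one Ant-style pattern (simplified: **, *, ?) to a regex."""
    pattern = pattern.strip().replace("\\", "/")
    if pattern.endswith("/"):
        pattern += "**"                  # Ant: trailing slash means "/**"
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")    # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")             # anything, across directories
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")          # anything inside one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")           # one character, not a separator
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def split_modules(module_files, excludes):
    """Return (evaluated, excluded) for workspace-relative module.xml paths."""
    regexes = [ant_to_regex(p) for p in excludes.split(",") if p.strip()]
    evaluated, excluded = [], []
    for path in module_files:
        hit = any(r.match(path.replace("\\", "/")) for r in regexes)
        (excluded if hit else evaluated).append(path)
    return evaluated, excluded

# Constructed sample: module information files found under a workspace root.
SAMPLE_FILES = [
    "my-module/target/sonatype-clm/module.xml",
    "services/another-module/target/sonatype-clm/module.xml",
    "webapp/target/sonatype-clm/module.xml",
    "my-module-api/target/sonatype-clm/module.xml",  # similar name, not excluded
]
EXCLUDES = "**/my-module/target/**, **/another-module/target/**"

if __name__ == "__main__":
    evaluated, excluded = split_modules(SAMPLE_FILES, EXCLUDES)
    for p in excluded:
        print("excluded :", p)
    for p in evaluated:
        print("evaluated:", p)
```

Reviewing the excluded list against the modules that ship in the application binary shows whether a pattern hides more than the test-support modules it was written for.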