Include Parent in Materials List #165
Comments
When running |
Hi @stevespringett, Thank you for a quick response. When I use For example:

parent-pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.mycompany</groupId>
  <artifactId>parent</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>org.mycompany</groupId>
      <artifactId>artifact-a</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>

project-pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.mycompany</groupId>
    <artifactId>parent</artifactId>
    <version>1.0.0</version>
  </parent>
  <artifactId>project</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>org.mycompany</groupId>
      <artifactId>artifact-b</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>

Basically what I see is when running the
I was hoping it would also include:
A workaround that I just tested was if I add the parent in the dependency section as well, then it is included in the bom.json. Hopefully I am demonstrating my thinking about this correctly. Also, would you like me to create a separate issue for the enhancement for including plugins? Thanks
Yes, that would be ideal. I think implementation of it would likely have to wait until CycloneDX/specification#31 is implemented in the spec, but we can use Maven plugin case to drive some of the use cases.
Is there currently a feature to include the parent and plugins in the bill of materials? Certain versions of a parent could be known to be an issue in generating projects and to be able to tell where the Parent is used via the BOM would be preferred. If in the BOM I would think it would be optimal to search in Dependency-Track for these tainted parents or plugins.
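
An added example, not part of the issue thread or the CycloneDX plugin's code: a check that reports when a POM's declared parent is absent from a CycloneDX JSON BOM, which is the gap this issue describes. The POM is the project-pom.xml above, trimmed; the BOM is constructed for illustration, and the function names are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# project-pom.xml from the issue, trimmed to the elements the check reads.
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.mycompany</groupId>
    <artifactId>parent</artifactId>
    <version>1.0.0</version>
  </parent>
  <artifactId>project</artifactId>
  <version>1.0.0</version>
</project>"""

# Constructed BOM (not real plugin output): only the direct dependency is listed.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"type": "library", "group": "org.mycompany",
         "name": "artifact-b", "version": "1.0.0"},
    ],
})

def parent_coordinates(pom_xml):
    """Return (groupId, artifactId, version) of <parent>, or None if absent."""
    parent = ET.fromstring(pom_xml).find("m:parent", NS)
    if parent is None:
        return None
    return tuple((parent.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()
                 for tag in ("groupId", "artifactId", "version"))

def bom_coordinates(bom_json):
    """Collect (group, name, version) for every component, including nested ones."""
    found, stack = set(), list(json.loads(bom_json).get("components", []))
    while stack:
        comp = stack.pop()
        found.add((comp.get("group", ""), comp.get("name", ""), comp.get("version", "")))
        stack.extend(comp.get("components", []))
    return found

def parent_missing_from_bom(pom_xml, bom_json):
    """True when the POM declares a parent that the BOM does not list."""
    parent = parent_coordinates(pom_xml)
    return parent is not None and parent not in bom_coordinates(bom_json)

if __name__ == "__main__":
    print("parent missing from BOM:", parent_missing_from_bom(PROJECT_POM, SAMPLE_BOM))
```

Run against the real pom.xml and bom.json of a build, a True result flags a BOM in which a search for an affected parent version would find nothing.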