Add audit-aggregate goal (#33)
* Add audit-aggregate goal to request vuln reports for all dependencies of entire project.
* Update to jackson 2.9.10
* Add audit-aggregate to usage
* Add simple IT for audit-aggregate
jdillon authored Oct 3, 2019
1 parent cc08431 commit b326a08
Showing 22 changed files with 3,336 additions and 402 deletions.
@@ -0,0 +1,52 @@
/*
* Copyright (c) 2018-present Sonatype, Inc. All rights reserved.
*
* This program is licensed to you under the Apache License Version 2.0,
* and you may not use this file except in compliance with the Apache License Version 2.0.
* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the Apache License Version 2.0 is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
*/
package org.sonatype.ossindex.maven.plugin;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;

import static org.apache.maven.plugins.annotations.ResolutionScope.TEST;

/**
* Vulnerability audit of aggregate project dependencies via
* <a href="https://ossindex.sonatype.org/">Sonatype OSS Index</a>.
*
* @since ???
*/
@Mojo(name = "audit-aggregate", requiresDependencyResolution = TEST, aggregator = true)
public class AuditAggregateMojo
extends AuditMojoSupport
{
@Parameter(defaultValue = "${reactorProjects}", required = true, readonly = true)
private List<MavenProject> reactorProjects;

@Override
protected Set<Artifact> resolveDependencies(final MavenSession session) throws DependencyGraphBuilderException {
Set<Artifact> dependencies = new HashSet<>();

for (MavenProject project : reactorProjects) {
Set<Artifact> resolved = resolveDependencies(session, project);
dependencies.addAll(resolved);
}

return dependencies;
}
}
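Review bot: The union built in `resolveDependencies(MavenSession)` will most likely include the reactor's own modules wherever one module depends on another, so their internal coordinates would be submitted to OSS Index alongside the third-party ones; whether the per-project `resolveDependencies(session, project)` in `AuditMojoSupport` already drops them is not visible in this hunk. If it does not, filter them before returning, e.g. `dependencies.removeIf(a -> reactorProjects.stream().anyMatch(p -> p.getGroupId().equals(a.getGroupId()) && p.getArtifactId().equals(a.getArtifactId())));`, or state in the Javadoc that in-reactor artifacts are reported on purpose. The class Javadoc also still carries the placeholder `@since ???`, which should name the release that first ships the goal. A short method comment such as `// Union of every reactor module's resolved dependencies; duplicates collapse via Artifact equality` would record why a `Set` is used.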