CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

[maven] Support for verbose dependency tree #1142

Open prabhu opened 5 months ago

prabhu commented 5 months ago

The dependency tree generated with both the cyclonedx maven plugin and the dependency:tree command lacks conflicts and omission information.

Repo: https://github.com/eclipse-jkube/jkube

maven-verbose-tree.txt

Tracking the conflicts and omissions could help understand the software compositions better.

prabhu commented 5 months ago

There is a warning in the docs: Notice this feature actually uses Maven 2 algorithm and [may give wrong results when used with Maven 3](https://maven.apache.org/shared/maven-dependency-tree/)

https://maven.apache.org/plugins-archives/maven-dependency-plugin-3.2.0/tree-mojo.html#verbose
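The conflict and omission markers this issue asks to track can be pulled out of `dependency:tree -Dverbose` text with a small parser. The sketch below is an added example, not cdxgen code: `parseVerboseTree` and `findOmissions` are hypothetical names, and the sample tree is constructed rather than taken from the attached file.

```javascript
// Constructed sample of `mvn dependency:tree -Dverbose` output (not from the attached file).
const SAMPLE_TREE = [
  "[INFO] com.example:app:jar:1.0.0",
  "[INFO] +- com.example:lib-a:jar:1.2.0:compile",
  "[INFO] |  +- (org.slf4j:slf4j-api:jar:1.7.30:compile - omitted for conflict with 1.7.36)",
  "[INFO] |  \\- (com.example:util:jar:2.0.0:compile - omitted for duplicate)",
  "[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile",
  "[INFO] \\- com.example:util:jar:2.0.0:compile",
  "[INFO] BUILD SUCCESS",
].join("\n");

// Indent columns, branch marker, optional "(", coordinates, optional " - note)".
const LINE_RE =
  /^((?:[| ] {2})*)([+\\]- )?\(?([^\s():]+(?::[^\s():]+){3,5})(?: - ([^)]+)\))?/;

// Hypothetical helper, not a cdxgen function: returns one record per tree line.
function parseVerboseTree(text) {
  const nodes = [];
  const stack = []; // stack[d] = ref of the most recent node at depth d
  for (const raw of text.split(/\r?\n/)) {
    const m = LINE_RE.exec(raw.replace(/^\[INFO\] ?/, ""));
    if (!m) continue; // banner, summary or blank line
    const [, indent, branch, coords, note] = m;
    const depth = indent.length / 3 + (branch ? 1 : 0);
    const parts = coords.split(":");
    // Layout: group:artifact:type[:classifier]:version[:scope]
    const version = parts.length === 6 ? parts[4] : parts[3];
    const ref = `${parts[0]}:${parts[1]}:${version}`;
    const why = /omitted for (conflict|duplicate|cycle)(?: with (\S+))?/.exec(note || "");
    nodes.push({
      ref,
      parent: depth > 0 ? stack[depth - 1] ?? null : null,
      omitted: Boolean(why),
      reason: why ? why[1] : null,
      winner: why && why[2] ? why[2] : null, // version that won the conflict
    });
    stack[depth] = ref;
    stack.length = depth + 1; // drop deeper levels from the previous branch
  }
  return nodes;
}

// Only the entries Maven dropped, with the parent that requested them.
function findOmissions(text) {
  return parseVerboseTree(text).filter((n) => n.omitted);
}

console.log(findOmissions(SAMPLE_TREE));
```

Each omitted record keeps the requesting parent and, for conflicts, the version that replaced it, which is the information the plain tree drops.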