search

aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://github.com/aboutcode-org/scancode-toolkit/releases/
2.07k stars 537 forks source link

Add support for Ivy-style dependencies.properties file #3468

Open pombredanne opened 1 year ago

pombredanne commented 1 year ago

These are Java property files (using = signs, like MANIFEST.MF) where the left hand side is a property name and the right hand side is a Maven coordinate as in "ns:name:version" as in:

javax.ws.rs-api=javax.ws.rs:javax.ws.rs-api:2.1
jstl=jstl:jstl:1.2

Some other times it can be instead "ns:name=version" as in:

javax.ws.rs:javax.ws.rs-api=2.1
jstl:jstl=1.2

The name may be prefixed as in devel-dependencies.properties

See also for related but not processable:

The outcome should be a bunch of Maven dependencies, in the same way we handle a pypi requirements.txt file.

pombredanne commented 1 year ago

Closely related: https://docs.gradle.org/current/userguide/dependency_locking.html#lock_state_location_and_format both in purpose and format gradle.lockfile

# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
org.springframework:spring-beans:5.0.5.RELEASE=compileClasspath, runtimeClasspath
org.springframework:spring-core:5.0.5.RELEASE=compileClasspath, runtimeClasspath
org.springframework:spring-jcl:5.0.5.RELEASE=compileClasspath, runtimeClasspath
empty=annotationProcessor