Open selundqma opened 11 months ago
I've got a similar scenario:
Maven Project of
I need a config to either clone the submodules git submodule init
& git submodule update
, or as the OP suggested simply set it to do a --non-recursive
maven dependency scan.
Possibly Related to:
Is there an existing issue for this?
Feature description
We have a biiiiiiiig application which is divided into several gits, like this:
Our dependabot.yml (located in git_parent/.github) looks like this:
When dependabot runs it fails with "Dependabot couldn't find a pom.xml. Dependabot requires a pom.xml to evaluate your Java dependencies. It had expected to find one at the path: /git_a/pom.xml." since git_a is not a directory in the git being scanned, but a separate git.
So.. we wonder if it would be possible to disable the recursive scan of modules since this causes a problem for us. Scanning only the parent POM in the parent git is all we need and nothing else needs to be scanned.
Perhaps this could be done by specifying a new option to disable scanning any defined modules?
Another possibility would of course be to handle the scenario and check out the separate gits defined in the parent POM.