dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.61k stars 979 forks

Possibility to disable recursive scan for multimodule projects with separate gits #8132

Open selundqma opened 11 months ago

selundqma commented 11 months ago

Is there an existing issue for this?

Feature description

We have a biiiiiiiig application which is divided into several gits, like this:

Our dependabot.yml (located in git_parent/.github) looks like this:

version: 2
updates:
- package-ecosystem: maven
  directory: "/mvn-parent"
  schedule:
    interval: "daily"

When dependabot runs it fails with "Dependabot couldn't find a pom.xml. Dependabot requires a pom.xml to evaluate your Java dependencies. It had expected to find one at the path: /git_a/pom.xml." since git_a is not a directory in the git being scanned, but a separate git.

So... we wonder if it would be possible to disable the recursive scan of modules, since this causes a problem for us. Scanning only the parent POM in the parent git is all we need and nothing else needs to be scanned.

Perhaps this could be done by specifying a new option to disable scanning any defined modules?

version: 2
updates:
- package-ecosystem: maven
  directory: "/mvn-parent"
  recursive-multimodule-scan: "false"
  schedule:
    interval: "daily"

Another possibility would of course be to handle the scenario and check out the separate gits defined in the parent POM.
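
A pre-flight check for the failure reported above, as an added example that is not part of the thread or of dependabot-core: it lists the module entries of the parent POM whose pom.xml is absent from the checkout being scanned. The ../git_a and ../git_b module paths, the git_b repository and all function names are assumptions, and the sample checkout is constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"

def declared_modules(pom_path):
    """Every <module> entry in the POM, including ones inside <profiles>."""
    root = ET.parse(pom_path).getroot()
    # Compare local names so POMs with or without the Maven namespace both work.
    return [el.text.strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "module" and el.text and el.text.strip()]

def missing_module_poms(repo_root, directory):
    """(module, expected repo path) for each module POM absent from this checkout."""
    repo_root = os.path.realpath(repo_root)
    pom_dir = os.path.join(repo_root, directory.strip("/"))
    missing = []
    for module in declared_modules(os.path.join(pom_dir, "pom.xml")):
        target = os.path.normpath(os.path.join(pom_dir, module))
        # A <module> may name a directory or point at a POM file directly.
        pom = target if target.endswith(".xml") else os.path.join(target, "pom.xml")
        if not os.path.isfile(pom):
            rel = os.path.relpath(pom, repo_root).replace(os.sep, "/")
            missing.append((module, "/" + rel))
    return missing

def demo():
    """Constructed checkout: git_a is a separate repository (absent), git_b is present."""
    parent = (f'<project xmlns="{POM_NS}"><modelVersion>4.0.0</modelVersion>'
              "<packaging>pom</packaging><modules>"
              "<module>../git_a</module><module>../git_b</module>"
              "</modules></project>")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "mvn-parent"))
        os.makedirs(os.path.join(root, "git_b"))
        with open(os.path.join(root, "mvn-parent", "pom.xml"), "w") as f:
            f.write(parent)
        with open(os.path.join(root, "git_b", "pom.xml"), "w") as f:
            f.write(f'<project xmlns="{POM_NS}"/>')
        return missing_module_poms(root, "/mvn-parent")

if __name__ == "__main__":
    for module, path in demo():
        print(f"<module>{module}</module> -> no POM at {path}")
```

Any module it reports is one whose dependencies the update job cannot read from this repository, so those need their own update configuration in the repository that holds them.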

ranma2913 commented 7 months ago

I've got a similar scenario: Maven Project of pom Maven Modules are defined, but they are all git-submodules.

I need a config to either clone the submodules (git submodule init & git submodule update) or, as the OP suggested, simply set it to do a --non-recursive Maven dependency scan.

ranma2913 commented 7 months ago

Possibly Related to: