Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0
Take the lang-java-with-deps from the local Maven repo #556
Formerly, the agent JAR lang-java-<version>-jar-with-dependencies.jar had to be copied into each module's target/dependency folder using maven-dependency-plugin:copy, which caused trouble for multi-module projects.
With this change, the agent JAR is required to be in the local Maven repository, which can be accomplished using maven-dependency-plugin:get.
In the future, it would be nice if the separate mvn command could be skipped altogether, which requires that the retrieval happens within AbstractVulasMojo.