Open delanym opened 2 years ago
The plugin uses Maven's default notation for single-line artifact IDs and the standard filtering mechanisms. I just took a look at the implementation and possibly you can use a version after the :classifier
. Could you try this? In case you don't have a classifier, you can leave it empty like groupId:artifactId:type::version
. It looks like you can't omit the type but you can simply use jar
for it.
If this works, I'll change the documentation accordingly.
It works with groupId:artifactId:type:version
and not groupId:artifactId:type::version
I use the ossindex-maven-plugin to produce a report of dependencies with vulnerabilities. I run
xpath -q -e '/componentReportExport/vulnerable/entry/key/text()' target/ossindex-audit.xml
over the output to get a list of insecure dependencies. Now I want to take that list and produce a graph using targetIncludes, but the form of the coordinates are quite different depgraph-maven-plugin:groupId:artifactId:type:classifier
ossindex-maven-plugin:groupId:artifactId:type:version:scope
It would be useful to specify the version. Do you have any suggestions?