Maven Plugin
Apache Maven plugin for Sonatype OSS Index
Audit a project's dependencies using Sonatype OSS Index.
Requirements
- Java 7+ (version 10 is NOT supported)
- Apache Maven 3.1+
POM execution
Add an invocation of the ossindex:audit goal via POM execution:
<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.ossindex.maven</groupId>
      <artifactId>ossindex-maven-plugin</artifactId>
      <executions>
        <execution>
          <id>audit-dependencies</id>
          <phase>validate</phase>
          <goals>
            <goal>audit</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
Command Line
If you cannot change the POM, run the ossindex:audit goal directly on the command line against a project:
mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
Or run the ossindex:audit-aggregate goal:
mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate -f pom.xml
Goals
Goals available for this plugin:
| Goal | Description | 
|---|---|
| ossindex:audit | Vulnerability audit of project dependencies via Sonatype OSS Index. | 
| ossindex:audit-aggregate | Vulnerability audit of aggregate project dependencies via Sonatype OSS Index. | 
| ossindex:help | Display help information on ossindex-maven-plugin. Call mvn ossindex:help -Ddetail=true -Dgoal=<goal-name> to display parameter details. |
Usage
You should specify the version in your project’s plugin configuration:
<project>
  <build>
    <!-- plugin management -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.ossindex.maven</groupId>
          <artifactId>ossindex-maven-plugin</artifactId>
          <version>3.1.0</version>
        </plugin>
      </plugins>
    </pluginManagement>
    <!-- plugin execution -->
    <plugins>
      <plugin>
        <groupId>org.sonatype.ossindex.maven</groupId>
        <artifactId>ossindex-maven-plugin</artifactId>
        <version>3.1.0</version>
      </plugin>
    </plugins>
  </build>
</project>
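A build-pipeline check for the two POM snippets above, as an added example that is not part of the plugin or its documentation: it parses a pom.xml and reports whether the plugin is declared with a pinned version (directly or through pluginManagement) and whether an execution runs one of the audit goals. The names check_pom and SAMPLE_POM are hypothetical, the sample POM is constructed, and parent POMs and profiles are not resolved.

```python
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.sonatype.ossindex.maven", "ossindex-maven-plugin"

# Constructed sample: the plugin is declared, but has no version and no execution.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.sonatype.ossindex.maven</groupId>
    <artifactId>ossindex-maven-plugin</artifactId>
  </plugin></plugins></build>
</project>"""

def _find_plugin(parent):
    """Return the ossindex <plugin> element under parent/plugins, or None."""
    if parent is None:
        return None
    for plugin in parent.findall("plugins/plugin"):
        coords = (plugin.findtext("groupId", "").strip(),
                  plugin.findtext("artifactId", "").strip())
        if coords == (GROUP, ARTIFACT):
            return plugin
    return None

def check_pom(pom_text):
    """Return a list of findings; an empty list means the audit is wired in."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the POM namespace so paths stay short
        if isinstance(el.tag, str):
            el.tag = el.tag.rsplit("}", 1)[-1]
    build = root.find("build")
    active = _find_plugin(build)
    if active is None:
        return ["plugin is not declared under build/plugins"]
    managed = _find_plugin(build.find("pluginManagement"))
    findings = []
    # The version may come from the plugin itself or from pluginManagement.
    version = active.findtext("version", "").strip()
    if not version and managed is not None:
        version = managed.findtext("version", "").strip()
    if not version:
        findings.append("no plugin version is pinned")
    # Executions declared in pluginManagement are merged into the plugin.
    goals = {g.text.strip() for p in (active, managed) if p is not None
             for g in p.iter("goal") if g.text}
    if not goals & {"audit", "audit-aggregate"}:
        findings.append("no execution runs audit or audit-aggregate")
    return findings

if __name__ == "__main__":
    for finding in check_pom(SAMPLE_POM):
        print("FINDING:", finding)
```

A POM that relies only on the command-line invocation is reported as having no execution, which is the intended signal when the audit is meant to run on every build.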
Features
- Maven Plugin: Excludes
- Maven Plugin: Export Report
- Maven Plugin: Fail or Warn
- ossindex:audit
- ossindex:audit-aggregate
- ossindex:help