Maven Plugin

Apache Maven plugin for Sonatype OSS Index

Audit a project dependencies using Sonatype OSS Index.

Requirements

POM execution

Add an invocation of the ossindex:audit goal via POM execution:

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.ossindex.maven</groupId>
      <artifactId>ossindex-maven-plugin</artifactId>
      <executions>
        <execution>
          <id>audit-dependencies</id>
          <phase>validate</phase>
          <goals>
            <goal>audit</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  <plugins>
</build>

Command Line

If you can not change the POM, run the ossindex:audit goal directly on the command-line with a project:

mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml

Goals

Goals available for this plugin:

2 goals
Goal Description
ossindex:audit Vulnerability audit of project dependencies via Sonatype OSS Index.
ossindex:help Display help information on ossindex-maven-plugin.
Call mvn ossindex:help -Ddetail=true -Dgoal=<goal-name> to display parameter details.

Usage

You should specify the version in your project’s plugin configuration:

<project>
  <build>
    <!-- plugin management -->
    <pluginMangement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.ossindex.maven</groupId>
          <artifactId>ossindex-maven-plugin</artifactId>
          <version>3.0.2</version>
        </plugin>
      </plugins>
    </pluginMangement>

    <!-- plugin execution -->
    <plugins>
      <plugin>
        <groupId>org.sonatype.ossindex.maven</groupId>
        <artifactId>ossindex-maven-plugin</artifactId>
        <version>3.0.2</version>
      </plugin>
    </plugins>
  </build>
</project>

Features

Maven Plugin: Excludes
Maven Plugin: Export Report
Maven Plugin: Fail or Warn
ossindex:audit
ossindex:help