开源软件名称(OpenSource Name):versioneye/versioneye_maven_plugin开源软件地址(OpenSource Url):https://github.com/versioneye/versioneye_maven_plugin开源编程语言(OpenSource Language):Java 100.0%开源软件介绍(OpenSource Introduction):VersionEye Maven PluginThe maven plugin for VersionEye helps you to create/update a project at VersionEye, which is a Notification System for Software Libraries. It will help you to keep your projects up-to-date and automatically notify you about outdated dependencies and license violations. You can check it out here: www.versioneye.com. Summary
Minimum RequirementWe at VersionEye are using LetsEncrypt for our SSL certificates. Old Java versions don't support that certificate. The minimum required version is 8u101. More details on StackOverflow. Install binaryThe VersionEye Maven plugin is available on the Maven Central Repository. That means Maven will find it automatically, without adding any other repositories! And you can find the project on bintray as well. Switch to the project where you want to use this plugin.
You can add the plugin to your project by adding this snippet to your
<build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
</plugin>
</plugins>
</build> The Alternatively you can add <pluginGroups>
<pluginGroup>com.versioneye</pluginGroup>
</pluginGroups> to the user's Maven settings file ( Install from sourceIf you wanna install the plugin from source, you have to follow this steps.
Switch to the root directory of the project:
And install it in your local maven repository:
Now the plugin is installed on your local machine! Getting StartedYou can check out all goals like this
That will output all possible goals on the versioneye plugin. Now you can check if the VersionEye API is available:
That should return an output like this:
Now try this:
That will get you a list with all your direct and recursive dependencies and it will tell you how many dependencies you have in your project altogether. Here you can convert your
It will take all your direct dependencies and convert them into API KeyThis plugin can push your dependencies to the VersionEye API, create a project at VersionEye and tell you which of your dependencies are outdated. VersionEye will automatically check your project and notify you about outdated dependencies. You can use some of the resources at the VersionEye API without an API KEY, but for the project resource you need one. If you are signed up you can find your API KEY in your organisation under this structure: Now let the versioneye-maven-plugin know what your API KEY is. <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<apiKey>MY_SECRET_API_KEY</apiKey>
<organisation>YOUR_ORGANISATION</organisation>
<team>Owners</team>
</configuration>
</plugin>
</plugins>
</build> If you don't want to store the api key in the
If the API Key is not set directly in the pom.xml file, the versioneye-maven-plugin will try to fetch the API Key from the
If it can't find the file there it will look it up at this place:
If you want so you can configure another place for the versioneye.properties file. Just set the path explicitly in the pom.xml on the versioneye plugin configuration: <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<propertiesPath>${basedir}/versioneye.properties</propertiesPath>
<organisation>YOUR_ORGANISATION</organisation>
<team>Owners</team>
</configuration>
</plugin>
</plugins>
</build> If the plugin can't find the API KEY in any of this locations it will look it up at this place:
That means if you don't want to commit your API KEY to the server and share it with your team you can place the file in your home directory and keep it for you. But don't commit this file with secret. So add it to Of course you can store the API key in an environment variable
That's a good way to deal with the API key on an CI system. mvn versioneye:createIf your API KEY is in place you can create a new project at VersionEye based on the dependencies in your
This command will not change your local project. It just sends your dependencies to the VersionEye server and creates, based on that, a new project at www.versioneye.com. If everything went right you will see in the output the URL to your new created VersionEye project. Just copy and paste it into you browser to check it out. Here is an example how it could look like: Besides that, the plugin will add a If you don't want that the versioneye maven plugin creates/updates the <updatePropertiesAfterCreate>false</updatePropertiesAfterCreate> If you do so, you have to add the mvn versioneye:updateAfter you created a new project on VersionEye you can update it with the dependencies from the
That will simply update the existing VersionEye project with the dependencies from your By the way. If you don't like to have a <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<projectId>_YOUR_VERSONEYE_PROJECT_ID_</projectId>
<organisation>YOUR_ORGANISATION</organisation>
<team>Owners</team>
</configuration>
</plugin>
</plugins>
</build> mvn versioneye:licenseCheckOn VersionEye you can have License Whitelists. If you are working with License Whitelists you probably want to break the build if there is a license violation. The next goal will update your VersionEye project with the current dependencies and check them against a License Whitelist. If there is a violation of the License Whitelist this goal will break your build:
mvn versioneye:securityCheckThis goald will check if your dependencies have known security vulnerabilities:
If one of project dependencies has a known security vulnerability this goal will break your build! mvn versioneye:securityAndLicenseCheckThis goald will check if your dependencies have known security vulnerabilities or if they violate the license whitelist on the server:
If one of the 2 is violated this goal will break your build! mvn versioneye:deleteThis goal will delete the project from the VersionEye server:
This golad will also remove all related ProxyPlease configure the proxy settings directly in the configuration of the VersionEye Maven Plugin: <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<proxyHost>127.0.0.1</proxyHost>
<proxyPort>8888</proxyPort>
<proxyUser>proxy_hopsi</proxyUser>
<proxyPassword>dont_tell_anybody</proxyPassword>
</configuration>
</plugin>
</plugins>
</build> If the proxy settings are defined in the pom.xml file the plugin will check these global environment variables:
If you don't want to store the proxy settings in the source code you should use the environment variables above. Generally a proxy for Maven can be configured in the VersionEye EnterpriseIf you are using the VersionEye Enterprise VM in your own private network you probably want to use this plugin against the VersionEye Enterprise API. In that case you can change the baseUrl with this line: <baseUrl>http://versioneye.my-company.com</baseUrl> The whole plugin snippet would look similar to this one. <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<baseUrl>http://versioneye.my-company.com</baseUrl>
<projectId>_YOUR_VERSONEYE_PROJECT_ID_</projectId>
<organisation>YOUR_ORGANISATION</organisation>
<team>Owners</team>
</configuration>
</plugin>
</plugins>
</build> Multi-Module ProjectsAssume you have a big Java Enterprise multi-module project with Maven and you want to have all modules monitored by VersionEye. I further assume that all modules have the same parent pom and the modules are listed in the parent pom.xml file. In that case all you have to do is configuring the VersionEye Maven Plugin once in the parent pom. <build>
<plugins>
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<apiKey>MY_SECRET_API_KEY</apiKey>
<organisation>YOUR_ORGANISATION</organisation>
<team>Owners</team>
</configuration>
</plugin>
</plugins>
</build> Now run this command in the parent directory:
This command will be executed on each module. The plugin will create for each module a new project on VersionEye. Beside that the plugin will create for each module a After the projects are created on VersionEye we don't need the
This will update the project on VersionEye with the current dependencies in the modules pom.xml file. Executing this command in the parent pom directory will update all modules. Ideally this goal is executed on the Continuous Integration System after each build. Here is a YouTube video which demonstrates how to setup a multi-module project with the VersionEye Maven Plugin. Configuration OptionsThe VersionEye Maven Plugin has many configuration options. <plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.11.4</version>
<configuration>
<projectId>544d0ff9512592562c000003</projectId>
<!--<apiKey>my_secret_api_key</apiKey>-->
<!--<baseUrl>http://localhost:3000</baseUrl>-->
<!--<proxyHost>127.0.0.1</proxyHost>-->
<!--<proxyPort>8888</proxyPort>-->
<!--<proxyUser>proxy_hopsi</proxyUser>-->
<!--<proxyPassword>dont_tell_anybody</proxyPassword>-->
<!--<updatePropertiesAfterCreate>false</updatePropertiesAfterCreate>-->
<!--<mergeAfterCreate>false</mergeAfterCreate>-->
<!--<parentGroupId>com.versioneye</parentGroupId>-->
<!--<parentArtifactId>versioneye-maven-plugin</parentArtifactId>-->
<!--<nameStrategy>name</nameStrategy>-->
<!--<trackPlugins>true</trackPlugins>-->
<!--<licenseCheckBreakByUnknown>true</licenseCheckBreakByUnknown>-->
<!--<skipScopes>test,provided</skipScopes>-->
<!--<organisation>versioneye</organisation>-->
<!--<team>backend_devs</team>-->
<!--<name>NameOfTheProjectAtVersionEye</name>-->
<!--<visibility>public</visibility>-->
<!--<ignoreDependencyManagement>false</ignoreDependencyManagement>-->
<!--<transitiveDependencies>false</transitiveDependencies>-->
</configuration>
</plugin> Here is a more detailed documentation of the configuration options.
FeedbackFor bugs and feature requests please use the ticket system. Pull Requests are welcome ;-) SupportFor commercial support send a message to LicenseVersionEye-Core is licensed under the MIT license! Copyright (c) 2016 VersionEye GmbH Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论