github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/maven.md

github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/maven.md (about)

     1  # Maven
     2  
     3  ## Support
     4  
     5  Maven support in FOSSA CLI depends on the following tools existing in your environment:
     6  
     7  - Java (defaults to `java`, configure with `$JAVA_BINARY`)
     8  - Maven (defaults to `mvn`, configure with `$MAVEN_BINARY`, or the `bin` option)
     9  - The Maven Dependency Plugin (supported by the official Maven team; auto-installed by Maven if missing)
    10  
    11  ## Configuration
    12  
    13  Automatic: Run `fossa init` to detect all directories with a `pom.xml` file. The CLI will follow references to
    14  other Maven modules (or projects) listed under `<modules>` in the POM manifest. A FOSSA CLI module will be
    15  created for each Maven project.
    16  
    17  Manual: Add a `mvn` module with either
    18  1. `path` set to "." and `target` to either the relative path to the Maven project's POM file or to the Maven
    19     project's directory which has a "pom.xml" file; or
    20  2. `path` set to the directory of the Maven project's directory and `target` to the ID of the project.
    21  
    22  ```yaml
    23  analyze:
    24    modules:
    25      - name: My mvn Project
    26        type: mvn
    27        path: .
    28        target: pom.xml
    29  ```
    30  
    31  ## Options
    32  | Option     |  Type  | Name                        | Common Use Case                                      |
    33  | ---------- | :----: | --------------------------- | ---------------------------------------------------- |
    34  | `bin`      | string | [Binary](#bin-string)       | Path to the Maven executable.                        |
    35  | `strategy` | string | [Command](#strategy-string) | The dependency analysis strategy.                    |
    36  | `cmd`      | string | [Command](#cmd-string)      | Custom command that outputs a Maven dependency tree. |
    37  
    38  ### `bin: <string>`
    39  
    40  Specify the executable for the CLI to use to run commands. By default, the CLI will first check if the
    41  environment variable `$MAVEN_BINARY` is set and use it if is, and otherwise it will use the `mvn` binary that
    42  is found.
    43  
    44  ### `strategy: <string>`
    45  
    46  Specify the strategy for dependency resolution. Setting to "pom-file" tells the CLI to only look at the POM
    47  file for the module. Setting to "maven-tree" tells the CLI to only run Maven to get a dependency tree. By
    48  default, the CLI will use "maven-tree", and if an error occurs or no dependencies are found then the CLI falls
    49  back to the "pom-file" strategy.
    50  
    51  ### `cmd: <string>`
    52  
    53  If `strategy` is not set, then `cmd` can specify the command for the CLI to use to retrieve the dependency
    54  tree from Maven in the format that running the `dependency:tree` goal outputs.
    55  
    56  ## Analysis
    57  
    58  Fossa analyzes a Maven project by parsing the output from `maven dependency:tree` into a dependency graph.