Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chonton/bom-maven-plugin
Create Bill of Materials from set of jars or tar
https://github.com/chonton/bom-maven-plugin
dependencies maven-plugin
Last synced: 3 days ago
JSON representation
Create Bill of Materials from set of jars or tar
- Host: GitHub
- URL: https://github.com/chonton/bom-maven-plugin
- Owner: chonton
- License: apache-2.0
- Created: 2021-12-23T22:11:49.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2024-07-27T08:45:59.000Z (2 months ago)
- Last Synced: 2024-07-27T09:48:16.206Z (2 months ago)
- Topics: dependencies, maven-plugin
- Language: Java
- Homepage:
- Size: 407 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# bom-maven-plugin
Create a BOM (bill of materials) from a set of jars or tar file. The bom is formatted as a [pom](https://maven.apache.org/pom.html).
## Goals
There is one goal: [extract](https://chonton.github.io/bom-maven-plugin/1.1.0/extract-mojo.html) creates
a bom from the jars found in a directory or tar.The specified source is recursively searched for files ending with '.jar'. If the specified source
ends with '.tar' or '.tar.gz', it is assumed to be a tar file. All files inside the tar ending with
'.jar' are extracted to the temp directory.Once the set of jars is determined, each is examined to determine its GAV (groupId,artifactId,version).
First, the jar is scanned for the existence of a 'META-INF/maven/**/pom.properties' file. If the
file exists, it contains the GAV.If pom.properties is not present, the sha1 hash of the jar is computed, and maven central is queried
to determine the GAV of the jar. If multiple jars with the same hash are returned from maven
central, the best match based on the name of the jar will be used.Using the GAV of the jars, a pom.xml is generated with the jars as dependencies.
Mojo details at [plugin info](https://chonton.github.io/bom-maven-plugin/1.0.0/plugin-info.html)
## Parameters
Every parameter can be set with a maven property **bom.**__. e.g. source parameter
can be set from command line: -Dbom.source=image.tar| Parameter | Default | Description |
|------------|----------------|------------------------------------------------------|
| groupId | extracted | The groupId for the bom |
| artifactId | bom | The artifactId for the bom |
| version | 1.0.0-SNAPSHOT | The version for the bom |
| bom | pom.xml | The output file |
| source | | The source to examine, Defaults to current directory |
| unknowns | | The directory to receive a copy of unknown jars |## Requirements
- Maven 3.5 or later
- Java 11 or later## Typical Uses
```shell
# extract bill of materials from the jars in the current directory
mvn org.honton.chas:bom-maven-plugin:1.1.0:extract -D bom.groupId=myGroup# extract bill of materials from image.tar
mvn org.honton.chas:bom-maven-plugin:1.1.0:extract -D bom.source=image.tar
```