Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jonathangiles/whitelistgenerator

A tool to generate a report containing all whitelisted dependencies across a multi-module maven project
https://github.com/jonathangiles/whitelistgenerator

Last synced: 2 days ago
JSON representation

A tool to generate a report containing all whitelisted dependencies across a multi-module maven project

Awesome Lists containing this project

README 

        
# Maven Enforcer Allow List Report Tool



This application (and Maven plugin) will generate a report detailing all allowed dependencies.



It can be configured within a Maven project as such:



```xml



    net.jonathangiles.tools

    whitelistgenerator-maven-plugin

    1.0.4

    

        

        /directory/to/scan/in



        .

        report.json

        

            

            org.slf4j:slf4j-api

        

    



```



To use, run with the maven goal of `whitelistgenerator:report`.



## What does a report look like?



The default report output is in JSON, and it takes the following form:



```json

{

  "fullAllowList": [

    "com.azure:*",

    "com.fasterxml.jackson.core:jackson-annotations",

    "com.fasterxml.jackson.core:jackson-core",

    "com.fasterxml.jackson.core:jackson-databind",

    "com.fasterxml.jackson.dataformat:jackson-dataformat-xml",

    "com.fasterxml.jackson.datatype:jackson-datatype-jsr310",

    "com.fasterxml.jackson.module:jackson-module-afterburner",

    "com.google.code.findbugs:jsr305",

    "com.microsoft.azure:msal4j",

    "com.microsoft.azure:qpid-proton-j-extensions",

    "com.nimbusds:oauth2-oidc-sdk",

    "com.squareup.okhttp3:okhttp",

    "io.dropwizard.metrics:metrics-core",

    "io.micrometer:micrometer-core",

    "io.netty:netty-buffer",

    "io.netty:netty-codec-http",

    "io.netty:netty-codec-http2",

    "io.netty:netty-handler",

    "io.netty:netty-handler-proxy",

    "io.netty:netty-tcnative-boringssl-static",

    "io.netty:netty-transport-native-epoll",

    "io.netty:netty-transport-native-unix-common",

    "io.opentelemetry",

    "io.projectreactor.netty",

    "io.projectreactor:reactor-core",

    "net.java.dev.jna",

    "org.apache.qpid:proton-j",

    "org.nanohttpd:nanohttpd",

    "org.slf4j:slf4j-api"

  ],

  "parsedDocuments": [

    {

      "groupId": "com.azure",

      "artifactId": "azure-core-http-netty",

      "version": "1.5.0-beta.1",

      "path": "core/azure-core-http-netty/pom.xml",

      "allowList": [

        "com.azure:*",

        "io.projectreactor.netty",

        "io.netty:netty-buffer",

        "io.netty:netty-codec-http",

        "io.netty:netty-codec-http2",

        "io.netty:netty-handler",

        "io.netty:netty-handler-proxy",

        "io.netty:netty-transport-native-unix-common",

        "io.netty:netty-transport-native-epoll"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-core-amqp",

      "version": "1.1.0-beta.1",

      "path": "core/azure-core-amqp/pom.xml",

      "allowList": [

        "com.azure:*",

        "org.apache.qpid:proton-j",

        "com.microsoft.azure:qpid-proton-j-extensions"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-core",

      "version": "1.4.0-beta.1",

      "path": "core/azure-core/pom.xml",

      "allowList": [

        "org.slf4j:slf4j-api",

        "io.projectreactor:reactor-core",

        "io.netty:netty-tcnative-boringssl-static",

        "com.fasterxml.jackson.dataformat:jackson-dataformat-xml",

        "com.fasterxml.jackson.datatype:jackson-datatype-jsr310",

        "com.google.code.findbugs:jsr305"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-core-tracing-opentelemetry",

      "version": "1.0.0-beta.4",

      "path": "core/azure-core-tracing-opentelemetry/pom.xml",

      "allowList": [

        "com.azure:*",

        "io.opentelemetry"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-core-http-okhttp",

      "version": "1.3.0-beta.1",

      "path": "core/azure-core-http-okhttp/pom.xml",

      "allowList": [

        "com.azure:*",

        "com.squareup.okhttp3:okhttp"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-identity",

      "version": "1.1.0-beta.3",

      "path": "identity/azure-identity/pom.xml",

      "allowList": [

        "com.azure:*",

        "com.nimbusds:oauth2-oidc-sdk",

        "com.microsoft.azure:msal4j",

        "org.nanohttpd:nanohttpd",

        "net.java.dev.jna"

      ]

    },

    {

      "groupId": "com.azure",

      "artifactId": "azure-cosmos",

      "version": "4.0.1-beta.2",

      "path": "cosmos/azure-cosmos/pom.xml",

      "allowList": [

        "com.azure:*",

        "org.slf4j:slf4j-api",

        "io.projectreactor:reactor-core",

        "com.fasterxml.jackson.core:jackson-core",

        "com.fasterxml.jackson.core:jackson-annotations",

        "com.fasterxml.jackson.core:jackson-databind",

        "com.fasterxml.jackson.datatype:jackson-datatype-jsr310",

        "com.fasterxml.jackson.module:jackson-module-afterburner",

        "io.micrometer:micrometer-core",

        "io.dropwizard.metrics:metrics-core",

        "io.projectreactor.netty",

        "io.netty:netty-codec-http",

        "io.netty:netty-codec-http2",

        "io.netty:netty-handler",

        "io.netty:netty-handler-proxy",

        "io.netty:netty-transport-native-epoll",

        "com.google.code.findbugs:jsr305"

      ]

    }

  ]

}

```



## Building and Releasing



* To build: `mvn clean install`

* To release: `mvn clean deploy -Prelease`

* To upgrade versions: `mvn versions:set -DnewVersion=1.0.1`