Maven support in FOSSA CLI depends on the following tools existing in your environment:
- Java (defaults to `java`, configure with
- Maven (defaults to `mvn`, configure with `$MAVEN_BINARY`, or the
- The Maven Dependency Plugin (supported by the official Maven team; auto-installed by Maven if missing)
Run `fossa init` to detect all directories with a `pom.xml` file. The CLI will follow references to other Maven modules (or projects) listed under `<modules>` in the POM manifest. A FOSSA CLI module will be created for each Maven project.
Manual: Add a `mvn` module with either
- `path` set to "." and `target` set to either the relative path to the Maven project's POM file or the Maven project's directory, which has a "pom.xml" file; or
- `path` set to the Maven project's directory and `target` set to the ID of the project.

```yaml
analyze:
  modules:
    - name: My mvn Project
      type: mvn
      path: .
      target: pom.xml
      options:
        cmd: "mvn dependency:tree"
```

| Option | Type | Name | Common Use Case |
|---|---|---|---|
| | string | Binary | Path to the Maven executable. |
| | string | Command | The dependency analysis strategy. |
| | string | Command | Custom command that outputs a Maven dependency tree. |
Specify the executable for the CLI to use to run commands. By default, the CLI will first check whether `$MAVEN_BINARY` is set and use it if it is; otherwise it will use the `mvn` binary that
Specify the strategy for dependency resolution. Setting to "pom-file" tells the CLI to only look at the POM file for the module. Setting to "maven-tree" tells the CLI to only run Maven to get a dependency tree. By default, the CLI will use "maven-tree", and if an error occurs or no dependencies are found then the CLI falls back to the "pom-file" strategy.
`strategy` is not set, then `cmd` can specify the command for the CLI to use to retrieve the dependency tree from Maven in the format that running the `dependency:tree` goal outputs.
FOSSA analyzes a Maven project by parsing the output from `mvn dependency:tree` into a dependency graph.
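
To make the parsing step above concrete, here is an added Python example (not FOSSA CLI's own code) that turns the plain-text output of `mvn dependency:tree` into a parent-to-children graph. The sample output, the function names and the `group:artifact:version` node identifier are assumptions made for this example; lines with trailing annotations are skipped as log noise.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not taken from the FOSSA docs).
SAMPLE = r"""[INFO] Scanning for projects...
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:1.0.0
[INFO] +- org.springframework:spring-core:jar:5.3.20:compile
[INFO] |  \- org.springframework:spring-jcl:jar:5.3.20:compile
[INFO] +- org.example:native-lib:jar:linux-x86_64:2.1:runtime
[INFO] \- junit:junit:jar:4.13.2:test
[INFO]    \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
"""

# Optional "[INFO] ", 3-character indent units, optional "+- " or "\- " marker, coordinates.
LINE = re.compile(r"^(?:\[INFO\] )?((?:[| ] {2})*)([+\\]- )?(\S+)$")


def parse_coords(text, has_scope):
    """Split group:artifact:type[:classifier]:version[:scope]; None if not coordinates."""
    fields = text.split(":")
    scope = fields.pop() if has_scope and len(fields) > 4 else None
    if len(fields) not in (4, 5) or not all(fields):
        return None
    return {"group": fields[0], "artifact": fields[1], "type": fields[2],
            "classifier": fields[3] if len(fields) == 5 else None,
            "version": fields[-1], "scope": scope}


def parse_tree(output):
    """Return (roots, edges); edges maps a node id to the ids of its direct dependencies."""
    roots, edges, stack = [], {}, []
    for line in output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # build log noise
        indent, marker, text = m.groups()
        depth = len(indent) // 3 + (1 if marker else 0)
        node = parse_coords(text, has_scope=depth > 0)  # the root line carries no scope
        if node is None or depth > len(stack):
            continue  # not coordinates, or a child whose parent was never seen
        ident = "{group}:{artifact}:{version}".format(**node)  # id format: this example's choice
        del stack[depth:]  # pop back to this node's parent
        (edges.setdefault(stack[-1], []) if stack else roots).append(ident)
        stack.append(ident)
    return roots, edges


if __name__ == "__main__":
    print(parse_tree(SAMPLE))
```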