Jesús Navarro Hdez
Reputation: 95
Trying to Generate Dependencies Report with Maven
im working with Maven and Im trying to generate an OWASP dependencies report. My POM is the following:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>P2LyH</groupId>
<artifactId>P2_LH</artifactId>
<version>1.0-SNAPSHOT</version>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.1</version>
<reportSets>
<reportSet>
<reports>
<report>checkstyle</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.0.3</version>
<reportSets>
<reportSet>
<reports>
<report>aggregate</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.13.0</version>
</plugin>
</plugins>
</reporting>
<build>
<sourceDirectory>src</sourceDirectory>
<pluginManagement>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<!-- Plugin de Sonar para ejecutar sonarqube-->
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.7.0.1746</version>
</plugin>
<!-- Plugin para generar el site-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.9.0</version>
</plugin>
</plugins>
</pluginManagement>
</build>
<dependencies>
<dependency>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.7.0.1746</version>
</dependency>
</dependencies>
<profiles>
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<!-- Optional URL to server. Default value is http://localhost:9000 -->
<sonar.host.url>
http://localhost:9000
</sonar.host.url>
</properties>
</profile>
</profiles>
</project>
The POM is alright as far as I have checked it right before adding the dependency-check. The rest of the code basically generates other reports that I will use to look for some security errors.
When I tried to generate the report by mvn site, it gave me the following error:
Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.9.0:site (default-site) on project P2_LH: Error generating dependency-check-maven:6.0.3:aggregate report
Why is this error happening?
Upvotes: 0
Views: 1822
Answers (1)
Andrian Soluk
Reputation: 474
Can you please try to replace OWASP plugin to the following:
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.0.1</version>
</plugin>
And after that please try to run the following command:
mvn test org.owasp:dependency-check-maven:check
HTML report should be generated
Upvotes: 1
Related Questions
- How to output a simple list of Maven dependencies
- Not able to get dependency check report in Maven
- Maven Dependency Issues: Provided and Compile dependencies working together
- Debugging Maven dependencies
- How to use maven to generate 3rd party dependency license documentation
- Building a dependencies jar with Maven
- Document Maven Dependencies
- get aggregated information about maven dependencies
- Maven plugin to output class dependencies
- Maven2: How do I generate a file that contains the names of the project's dependencies?