Merge pull request #63 from spdx/issue61

Include transitive dependencies in SBOM output
spdx · Oct 10, 2022 · 94bc4e0 · 94bc4e0
2 parents 84578d7 + c960c34
commit 94bc4e0
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 24 deletions.
diff --git a/pom.xml b/pom.xml
@@ -19,6 +19,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
+    <maven.version>3.8.5</maven.version>
     <sonar.host.url>https://sonarcloud.io</sonar.host.url>
     <sonar.organization>spdx</sonar.organization>
     <sonar.projectKey>spdx-maven-plugin</sonar.projectKey>
@@ -56,12 +57,12 @@
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-plugin-api</artifactId>
-      <version>2.2.1</version>
+      <version>${maven.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.maven.plugin-tools</groupId>
       <artifactId>maven-plugin-annotations</artifactId>
-      <version>3.3</version>
+      <version>3.6.4</version>
       <scope>provided</scope>
     </dependency>
 	  <dependency>
@@ -87,13 +88,13 @@
     </dependency>
     <dependency>
     	<groupId>org.apache.maven</groupId>
-    	<artifactId>maven-project</artifactId>
-    	<version>2.2.1</version>
+    	<artifactId>maven-core</artifactId>
+    	<version>${maven.version}</version>
     </dependency>
     <dependency>
-    	<groupId>org.apache.maven.shared</groupId>
+    	<groupId>org.apache.maven.plugin-testing</groupId>
     	<artifactId>maven-plugin-testing-harness</artifactId>
-    	<version>1.1</version>
+    	<version>3.3.0</version>
     	<scope>test</scope>
     </dependency>
     <dependency>
@@ -104,12 +105,17 @@
     <dependency>
     	<groupId>org.apache.maven.shared</groupId>
     	<artifactId>file-management</artifactId>
-    	<version>1.2.1</version>
+    	<version>3.1.0</version>
     </dependency>
     <dependency>
     	<groupId>org.apache.maven</groupId>
     	<artifactId>maven-artifact</artifactId>
-    	<version>2.2.1</version>
+    	<version>${maven.version}</version>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.maven</groupId>
+        <artifactId>maven-compat</artifactId>
+        <version>${maven.version}</version>
     </dependency>
   </dependencies>
 

diff --git a/src/main/java/org/spdx/maven/CreateSpdxMojo.java b/src/main/java/org/spdx/maven/CreateSpdxMojo.java
@@ -28,6 +28,7 @@
 import org.apache.maven.plugins.annotations.LifecyclePhase;
 import org.apache.maven.plugins.annotations.Mojo;
 import org.apache.maven.plugins.annotations.Parameter;
+import org.apache.maven.plugins.annotations.ResolutionScope;
 import org.apache.maven.project.MavenProject;
 import org.apache.maven.project.MavenProjectHelper;
 import org.apache.maven.shared.model.fileset.FileSet;
@@ -41,14 +42,13 @@
 import org.spdx.library.model.license.LicenseInfoFactory;
 import org.spdx.library.model.license.SpdxNoAssertionLicense;
 
-import edu.emory.mathcs.backport.java.util.Arrays;
-
 import java.io.File;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -78,7 +78,8 @@
  * Additional SPDX fields are supplied as configuration parameters to this plugin.
  */
 @Mojo( name = "createSPDX",
-       defaultPhase = LifecyclePhase.VERIFY )
+       defaultPhase = LifecyclePhase.VERIFY,
+       requiresDependencyResolution = ResolutionScope.COMPILE )
 @Execute( goal = "createSPDX",
           phase = LifecyclePhase.VERIFY )
 public class CreateSpdxMojo extends AbstractMojo
@@ -360,10 +361,9 @@ public class CreateSpdxMojo extends AbstractMojo
 
     private String artifactType;
 
-    @SuppressWarnings( "unchecked" )
     public void execute() throws MojoExecutionException
     {
-        this.dependencies = mavenProject.getDependencyArtifacts();
+        this.dependencies = mavenProject.getArtifacts();
         if ( this.getLog() == null )
         {
             throw ( new MojoExecutionException( "Null log for Mojo" ) );
@@ -694,7 +694,6 @@ private void logIncludedDirectories( FileSet[] includedDirectories )
         for ( FileSet includedDirectory : includedDirectories )
         {
             StringBuilder sb = new StringBuilder( "Included Directory: " + includedDirectory.getDirectory() );
-            @SuppressWarnings( "unchecked" )
             List<String> includes = includedDirectory.getIncludes();
             if ( includes != null && includes.size() > 0 )
             {
@@ -706,7 +705,6 @@ private void logIncludedDirectories( FileSet[] includedDirectories )
                     sb.append( includes.get( j ) );
                 }
             }
-            @SuppressWarnings( "unchecked" )
             List<String> excludes = includedDirectory.getExcludes();
             if ( excludes != null && excludes.size() > 0 )
             {
@@ -809,7 +807,6 @@ private SpdxProjectInformation getSpdxProjectInfoFromParameters( LicenseManager
         AnyLicenseInfo declaredLicense = null;
         if ( this.licenseDeclared == null )
         {
-            @SuppressWarnings( "unchecked" )
             List<License> mavenLicenses = mavenProject.getLicenses();
             try
             {
@@ -998,7 +995,6 @@ private String getDefaultProjectName()
     private FileSet[] getSourceDirectories()
     {
         ArrayList<FileSet> result = new ArrayList<>();
-        @SuppressWarnings( "unchecked" )
         List<String> sourceRoots = this.mavenProject.getCompileSourceRoots();
         if ( sourceRoots != null )
         {
@@ -1024,7 +1020,6 @@ private FileSet[] getSourceDirectories()
     private FileSet[] getResourceDirectories()
     {
         ArrayList<FileSet> result = new ArrayList<>();
-        @SuppressWarnings( "unchecked" )
         List<String> sourceRoots = this.mavenProject.getCompileSourceRoots();
         if ( sourceRoots != null )
         {
@@ -1038,7 +1033,6 @@ private FileSet[] getResourceDirectories()
                 this.getLog().debug( "Adding sourceRoot directory " + srcFileSet.getDirectory() );
             }
         }
-        @SuppressWarnings( "unchecked" )
         List<Resource> resourceList = this.mavenProject.getResources();
         if ( resourceList != null )
         {
@@ -1066,7 +1060,6 @@ private FileSet[] getResourceDirectories()
     private FileSet[] getTestDirectories()
     {
         ArrayList<FileSet> result = new ArrayList<>();
-        @SuppressWarnings( "unchecked" )
         List<String> sourceRoots = this.mavenProject.getTestCompileSourceRoots();
         if ( sourceRoots != null )
         {

diff --git a/src/test/java/org/spdx/maven/TestSpdxFileCollector.java b/src/test/java/org/spdx/maven/TestSpdxFileCollector.java
@@ -11,6 +11,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -43,8 +44,6 @@
 import org.spdx.library.model.pointer.StartEndPointer;
 import org.spdx.storage.simple.InMemSpdxStore;
 
-import edu.emory.mathcs.backport.java.util.Collections;
-
 
 public class TestSpdxFileCollector
 {

diff --git a/src/test/java/org/spdx/maven/TestSpdxMojo.java b/src/test/java/org/spdx/maven/TestSpdxMojo.java
@@ -7,6 +7,7 @@
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 
 import org.apache.maven.plugin.testing.AbstractMojoTestCase;
@@ -34,8 +35,6 @@
 import org.spdx.storage.ISerializableModelStore;
 import org.spdx.storage.simple.InMemSpdxStore;
 
-import edu.emory.mathcs.backport.java.util.Collections;
-
 public class TestSpdxMojo extends AbstractMojoTestCase
 {