Dependencies none in a multi-module maven project

Issue #199 resolved
bbriniotis created an issue

Hello,

Your service reports that the following project has no dependencies while it clearly does: https://www.versioneye.com/java/com.datumbox:datumbox-framework/0.7.0

Perhaps the bug is related to the fact that the project is multi-module?

Hope you will resolve this.

Best Regards, Vasilis

Comments (6)

  1. Robert Reiz

    Hi @bbriniotis I guess the dependencies are missing because they are not declared directly. They are declared in the DependencyManagement section. Currently investigating.

  2. Robert Reiz

    I just double checked the case. But it's not really a bug. The project you are referencing is a parent pom project and it doesn't have dependencies. It has some dependencies defined in the "DependencyManagement" section and child projects inheriting from that parent pom can use them but don't inherit them automatically. It's an optional thing.

  3. bbriniotis reporter

    Hey Robert,

    I understand and it makes sense.

    On the other hand, currently if you have a multi-project it is impossible to check in a single view if my library is up-to-date. I could check the individual modules but again I have to go through all of them one by one. Plus the "dependencies-none" message is quite misleading, even though I do understand that technically this project (parent) has no dependencies.

    Consider it a feature request, it would be awesome if you had a separate API/image that could check and report the DependencyManagement.

    I hope you will consider it. Thanks for the great service!

  4. Robert Reiz

    Hi @bbriniotis. That's not completely true. If you are using the VersionEye Maven Plugin to create and update your multi module project on VersionEye you get all modules in one project view and you get even a summary view about all modules where you can see immediately all out-dated and unknown dependencies. For complex Java projects I always recommend to use either the VersionEye Maven Plugin, or VersionEye SBT Plugin or the VersionEye Gradle Plugin.

  5. Robert Reiz

    You just need to add the VersionEye Maven Plugin to your parent pom and then run once:

    mvn versioneye:create
    

    to create the project with all child modules on the VersionEye server. Then on your CI system you can run on each build this command:

    mvn versioneye:update
    

    to update the VersionEye project with the current dependencies. If you like you can also use this goal:

    mvn versioneye:securityCheck
    

    That is doing the same thing as 'update' but also checks your dependencies for known security vulnerabilities. If there are some this goal will break your build ;-) And this goal here checks your dependencies against a license whitelist on the Server:

    mvn versioneye:licenseCheck
    

    That requires that you have a license whitelist on the server attached to your project. If one of your dependencies violates the license whitelist this goal will break your build. That is quite useful, especially if you are accidentally using a GPL dependency in a closed source project ;-)

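The distinction discussed in this thread, a parent POM that only manages versions versus a child module that actually declares a dependency, can be checked locally. The following is an added example, not code from VersionEye or the datumbox project; the two POMs are constructed samples, and the resolver assumes literal versions only (no properties, BOM imports, profiles or scopes).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POMs (not the datumbox project's real files).
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>parent</artifactId>
  <version>1.0</version><packaging>pom</packaging>
  <modules><module>core</module></modules>
  <dependencyManagement><dependencies>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.12</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version></dependency>
  </dependencies></dependencyManagement>
</project>"""

CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>com.example</groupId><artifactId>parent</artifactId><version>1.0</version></parent>
  <artifactId>core</artifactId>
  <dependencies>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId></dependency>
  </dependencies>
</project>"""


def _deps(root, path):
    """Map (groupId, artifactId) -> version (or None) for dependency nodes at path."""
    out = {}
    for d in root.findall(path, NS):
        key = (d.findtext("m:groupId", None, NS), d.findtext("m:artifactId", None, NS))
        out[key] = d.findtext("m:version", None, NS)
    return out


def direct_deps(pom_xml):
    """Dependencies the module itself declares (what a 'dependencies' view counts)."""
    return _deps(ET.fromstring(pom_xml), "m:dependencies/m:dependency")


def managed_deps(pom_xml):
    """Versions pinned under dependencyManagement; not inherited unless a child opts in."""
    return _deps(ET.fromstring(pom_xml), "m:dependencyManagement/m:dependencies/m:dependency")


def effective_child_deps(parent_xml, child_xml):
    """Child's declared dependencies, with missing versions filled from the parent."""
    managed = managed_deps(parent_xml)
    return {k: v or managed.get(k) for k, v in direct_deps(child_xml).items()}
```

Here the parent reports no direct dependencies even though it manages two, and only the one the child opts into (slf4j-api) becomes a real dependency of the build.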