Maven Tycho: find out where transitive dependencies are coming from

Time:11-17

I have a Maven project setup with Tycho. Is there a way of finding out where a transitive dependency is coming from? (e.g., by showing a dependency tree)


Background

I am trying to address vulnerabilities that were found in some of our dependencies by running

mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7

Most of the dependencies that show up are actually transitive dependencies, so they are actually not directly present in our project. To find out where they are coming from, I tried running mvn dependency:tree, but due to the way Tycho works, all dependencies that Tycho fetches show up as direct dependencies, so I've no idea where they're coming from.

Is there a way of finding out where a transitive dependency is coming from? E.g., a Tycho-way of running mvn dependency:tree?

CodePudding user response:

In Tycho 3.0.0, a new mojo, tycho-p2-plugin:dependency-tree, has been added. It has been announced here: https://github.com/eclipse-tycho/tycho/blob/master/RELEASE_NOTES.md#new-tycho-p2-plugindependency-tree-mojo
