
io.github.pmckeown.dependencytrack.metrics.MetricsMojo Maven / Gradle / Ivy


Maven plugin to integrate with a Dependency Track server to submit dependency manifests and gather project metrics.

There is a newer version: 1.7.0
package io.github.pmckeown.dependencytrack.metrics;

import io.github.pmckeown.dependencytrack.AbstractDependencyTrackMojo;
import io.github.pmckeown.dependencytrack.CommonConfig;
import io.github.pmckeown.dependencytrack.DependencyTrackException;
import io.github.pmckeown.dependencytrack.project.Project;
import io.github.pmckeown.dependencytrack.project.ProjectAction;
import io.github.pmckeown.util.Logger;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;

import javax.inject.Inject;

/**
 * Prints the full set of metrics for a project, as reported by the Dependency Track server, and optionally
 * fails the build when those metrics exceed configured thresholds.
 *
 * You can define a threshold per severity category; the build is failed where the number of issues in a
 * category is greater than the threshold you define for that category.
 *
 * For example, the following configuration will fail the build if there are any Critical or High issues found
 * in the scan, more than 10 medium issues, more than 20 low issues or more than 30 unassigned issues.
 *
 * <pre>{@code
 * <configuration>
 *     <metricsThresholds>
 *         <critical>0</critical>
 *         <high>0</high>
 *         <medium>10</medium>
 *         <low>20</low>
 *         <unassigned>30</unassigned>
 *     </metricsThresholds>
 * </configuration>
 * }</pre>
 *
 * This allows you to tune build failures to your risk appetite.
 *
 * Note that the threshold check is opt-in: when no {@code metricsThresholds} element is configured, this goal
 * only prints the metrics and never fails the build because of them.
 *
 * Specific configuration options are:
 * <ol>
 *     <li>metricsThresholds
 *         <ol>
 *             <li>critical</li>
 *             <li>high</li>
 *             <li>medium</li>
 *             <li>low</li>
 *             <li>unassigned</li>
 *         </ol>
 *     </li>
 * </ol>
 *
 * @author Paul McKeown
 */
@Mojo(name = "metrics", defaultPhase = LifecyclePhase.VERIFY)
public class MetricsMojo extends AbstractDependencyTrackMojo {

    // Collaborators supplied through constructor injection.
    private MetricsAction metricsAction;
    private ProjectAction getProjectAction;
    private MetricsPrinter metricsPrinter;
    private MetricsAnalyser metricsAnalyser;

    // Optional plugin parameter; stays null when the POM does not configure it, which disables the gate.
    @Parameter(name = "metricsThresholds")
    private MetricsThresholds metricsThresholds;

    /**
     * Creates the mojo with its injected collaborators.
     *
     * @param metricsAction    fetches metrics for a project when the project does not already carry them
     * @param getProjectAction looks up the project by name and version
     * @param metricsPrinter   prints the metrics
     * @param metricsAnalyser  checks the metrics against the configured thresholds
     * @param commonConfig     passed to the parent mojo
     * @param logger           passed to the parent mojo
     */
    @Inject
    public MetricsMojo(MetricsAction metricsAction, ProjectAction getProjectAction, MetricsPrinter metricsPrinter,
            MetricsAnalyser metricsAnalyser, CommonConfig commonConfig, Logger logger) {
        super(commonConfig, logger);
        this.metricsAnalyser = metricsAnalyser;
        this.metricsPrinter = metricsPrinter;
        this.getProjectAction = getProjectAction;
        this.metricsAction = metricsAction;
    }

    /**
     * Looks up the project, prints its metrics and, when thresholds are configured, hands both to the analyser.
     *
     * @throws MojoExecutionException declared for the calls made here; where it is raised is not visible in
     *                                this class
     * @throws MojoFailureException   declared for the calls made here; where it is raised is not visible in
     *                                this class
     */
    @Override
    public void performAction() throws MojoExecutionException, MojoFailureException {
        try {
            Project resolved = getProjectAction.getProject(projectName, projectVersion);
            logger.debug("Project Details: %s", resolved.toString());

            // NOTE(review): the figures are whatever the server reports at call time; confirm that the
            // server has finished processing the latest upload before this goal runs, otherwise the
            // thresholds are checked against older numbers.
            Metrics current = getMetrics(resolved);
            metricsPrinter.print(current);

            // No thresholds configured: report only, nothing to enforce.
            if (metricsThresholds == null) {
                return;
            }
            metricsAnalyser.analyse(current, metricsThresholds);
        } catch (DependencyTrackException failure) {
            // NOTE(review): whether this fails the build is decided by handleFailure in the parent class,
            // which is not visible here. Confirm that a server or lookup error cannot leave the build
            // green with the threshold check skipped.
            handleFailure(failure.getMessage(), failure);
        }
    }

    /**
     * Returns the metrics attached to the project when present, otherwise asks the metrics action for them.
     *
     * @param project the project whose metrics are wanted
     * @return the project's own metrics, or the result of {@code metricsAction.getMetrics(project)}
     * @throws DependencyTrackException declared for the {@code metricsAction.getMetrics(project)} call
     */
    private Metrics getMetrics(Project project) throws DependencyTrackException {
        return project.getMetrics() != null
                ? project.getMetrics()
                : metricsAction.getMetrics(project);
    }

    /**
     * Sets the thresholds directly; package-private, presumably for tests (confirm against callers).
     *
     * @param thresholds the thresholds to enforce, or {@code null} to disable the check
     */
    void setMetricsThresholds(MetricsThresholds thresholds) {
        this.metricsThresholds = thresholds;
    }
}



