The CycloneDX Maven plugin generates a CycloneDX Software Bill of Materials (SBOM) containing the aggregate of all direct and transitive dependencies of a project.

There is a newer version: 2.9.0
Show newest version
/*
 * This file is part of CycloneDX Maven Plugin.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * Copyright (c) OWASP Foundation. All Rights Reserved.
 */
package org.cyclonedx.maven;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.project.MavenProject;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;
import org.cyclonedx.model.Metadata;

import java.util.Map;

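/**
 * Converts a Maven project together with its resolved dependency graph into the SBOM dependency list,
 * i.e. the {@link Dependency} entries with their {@code dependsOn} references.
 *
 * <p>Implementations are the source of truth for which artifacts end up in the BOM, so the result of
 * {@link #extractBOMDependencies} must be reconciled with the component list (see
 * {@link #cleanupBomDependencies}) before the BOM is written, otherwise the dependency graph and the
 * component list can disagree.
 */
public interface ProjectDependenciesConverter {

    /**
     * Walks the Maven dependency resolution graph of {@code mavenProject} and builds the BOM dependency data.
     *
     * @param mavenProject the project whose resolved dependency graph is converted
     * @param include the Maven dependency scopes to keep in the result
     * @param excludes entries describing artifacts to leave out of the result; what an entry is matched
     *                 against is defined by the implementation (not visible here, confirm before relying on it)
     * @return the BOM dependencies plus the artifacts encountered while walking the graph
     * @throws MojoExecutionException if the dependency graph cannot be resolved or converted
     */
    BomDependencies extractBOMDependencies(MavenProject mavenProject, MavenDependencyScopes include, String[] excludes) throws MojoExecutionException;

    /**
     * Checks consistency between BOM components and BOM dependencies, and cleans up: drops components found while
     * walking the Maven dependency resolution graph but that are finally not kept in the effective dependencies list.
     *
     * <p>Both maps are expected to share the same key space (presumably the component reference; confirm against
     * the implementation) so that a component can be matched with its dependency entry.
     *
     * @param metadata the SBOM metadata
     * @param components the SBOM components, modified in place
     * @param dependencies the SBOM dependencies
     */
    void cleanupBomDependencies(Metadata metadata, Map<String, Component> components, Map<String, Dependency> dependencies);

    /**
     * Selection of Maven dependency scopes to include when extracting BOM dependencies.
     *
     * <p>Immutable value holder; each flag enables one Maven scope.
     */
    class MavenDependencyScopes {
        /** Include {@code compile}-scoped dependencies. */
        public final boolean compile;
        /** Include {@code provided}-scoped dependencies. */
        public final boolean provided;
        /** Include {@code runtime}-scoped dependencies. */
        public final boolean runtime;
        /** Include {@code test}-scoped dependencies. */
        public final boolean test;
        /** Include {@code system}-scoped dependencies. */
        public final boolean system;

        /**
         * Creates a scope selection.
         *
         * @param compile include {@code compile} scope
         * @param provided include {@code provided} scope
         * @param runtime include {@code runtime} scope
         * @param test include {@code test} scope
         * @param system include {@code system} scope
         */
        public MavenDependencyScopes(boolean compile, boolean provided, boolean runtime, boolean test, boolean system) {
            this.compile = compile;
            this.provided = provided;
            this.runtime = runtime;
            this.test = test;
            this.system = system;
        }
    }

    /**
     * Result of {@link ProjectDependenciesConverter#extractBOMDependencies}: the BOM dependency entries together
     * with the Maven artifacts seen while walking the graph.
     *
     * <p>The maps are stored and returned as given — they are neither copied nor wrapped — so callers share
     * (and may mutate) the same instances the converter produced.
     */
    class BomDependencies {
        private final Map<String, Dependency> dependencies;
        private final Map<String, Artifact> artifacts;
        private final Map<String, Artifact> dependencyArtifacts;

        /**
         * Creates a result holder; the maps are retained by reference.
         *
         * @param dependencies BOM dependency entries
         * @param artifacts all Maven artifacts encountered while walking the resolution graph
         * @param dependencyArtifacts the subset of artifacts that are effective project dependencies
         */
        public BomDependencies(final Map<String, Dependency> dependencies, final Map<String, Artifact> artifacts, final Map<String, Artifact> dependencyArtifacts) {
            this.dependencies = dependencies;
            this.artifacts = artifacts;
            this.dependencyArtifacts = dependencyArtifacts;
        }

        /** @return the BOM dependency entries, as passed to the constructor */
        public final Map<String, Dependency> getDependencies() {
            return dependencies;
        }

        /** @return the artifacts that are effective project dependencies, as passed to the constructor */
        public final Map<String, Artifact> getDependencyArtifacts() {
            return dependencyArtifacts;
        }

        /** @return every artifact encountered while walking the resolution graph, as passed to the constructor */
        public final Map<String, Artifact> getArtifacts() {
            return artifacts;
        }
    }
}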



