Providing template for integrated scanner configuration
karsten-klein committed Jun 27, 2024
1 parent a069d44 commit 380ebb3
Showing 5 changed files with 208 additions and 16 deletions.
29 changes: 13 additions & 16 deletions scanners/example-scanner/pom.xml
@@ -14,28 +14,26 @@
<packaging>pom</packaging>

<properties>
<!-- example uses output dir of ae-dependency-extractor; overwrite on command line -->
<source.dir>${project.basedir}/../../extractors/dependency-extractors/ae-dependency-extractor/target/scan</source.dir>

<ae.core.version>0.113.0</ae.core.version>
<ae.artifact.analysis.version>0.106.0</ae.artifact.analysis.version>
<ae.universe.version>1.7.0</ae.universe.version>

<!-- the directory to scan; supply on command line -->
<source.dir></source.dir>
</properties>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
</plugin>
<!-- plugin to scan the input directory for files -->
<plugin>
<groupId>org.metaeffekt.core</groupId>
<artifactId>ae-inventory-maven-plugin</artifactId>
</plugin>

<!-- plugin performing the license scan on the identified items -->
<plugin>
<groupId>com.metaeffekt.artifact.analysis</groupId>
<artifactId>ae-artifact-analysis-plugin</artifactId>
<version>${ae.artifact.analysis.version}</version>
</plugin>

</plugins>
@@ -77,20 +75,20 @@
<scanDirectory>${project.build.directory}/scan</scanDirectory>

<enableImplicitUnpack>false</enableImplicitUnpack>
<enableComponentPatternDetection>true</enableComponentPatternDetection>
<includeEmbedded>true</includeEmbedded>
<enableDetectComponentPatterns>true</enableDetectComponentPatterns>

<failOnError>false</failOnError>
<failOnBanned>false</failOnBanned>
<failOnInternal>false</failOnInternal>
<failOnUnknownVersion>false</failOnUnknownVersion>
<failOnUnknown>false</failOnUnknown>
<failOnUpgrade>false</failOnUpgrade>
<failOnDowngrade>false</failOnDowngrade>
<failOnUnknown>false</failOnUnknown>
<failOnUnknownVersion>false</failOnUnknownVersion>
<failOnDevelopment>false</failOnDevelopment>
<failOnInternal>false</failOnInternal>
<failOnUpgrade>false</failOnUpgrade>
<failOnMissingLicense>false</failOnMissingLicense>
<failOnMissingLicenseFile>false</failOnMissingLicenseFile>
<failOnMissingNotice>false</failOnMissingNotice>
<failOnMissingSources>false</failOnMissingSources>

<!-- REMARKS:
- the inventory may also consist of controls to further unpack archives in the
@@ -103,7 +101,6 @@
<scanIncludes>**/*</scanIncludes>
<scanExcludes>-none-</scanExcludes>


<targetInventoryDir>${project.build.directory}/inventory</targetInventoryDir>
</configuration>
</execution>
@@ -113,7 +110,7 @@
<plugin>
<groupId>com.metaeffekt.artifact.analysis</groupId>
<artifactId>ae-artifact-analysis-plugin</artifactId>
<version>${version.ae.artifact.analysis}</version>
<version>${ae.artifact.analysis.version}</version>
<executions>
<execution>
<id>extract</id>
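Review bot: `<source.dir></source.dir>` in the first hunk appears to replace the previous path default with an empty value, and nothing visible in this section stops a build that forgets `-Dsource.dir=…`. With `failOnError` and the other `failOn*` switches set to `false` in the second hunk, such a run may finish green with an empty or unintended inventory. How the plugin treats an empty input directory is not visible here (the element consuming `${source.dir}` lies outside the shown hunks), so this should be confirmed. Consider failing fast, for example with the maven-enforcer-plugin `requireProperty` rule on `source.dir`, or at least state it in the comment: `<!-- the directory to scan; required, there is no usable default -->`. The same empty default is added in scanners/scanner-template/pom.xml.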
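--- a/scanners/scanner-template/pom.xml
+++ b/scanners/scanner-template/pom.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>org.metaeffekt.example.documentation</groupId>
+<artifactId>scanner-template</artifactId>
+<version>1.0.0-SNAPSHOT</version>
+
+<description>Self-contained template pom.xml for integrated license scanning.</description>
+
+<packaging>jar</packaging>
+
+<properties>
+<ae.core.version>0.113.0</ae.core.version>
+<ae.artifact.analysis.version>0.104.0</ae.artifact.analysis.version>
+<ae.universe.version>1.7.0</ae.universe.version>
+
+<!-- the directory to scan; supply on command line -->
+<source.dir></source.dir>
+
+<!-- access to the metaeffekt universe requires a license key protected by password; supplied by metaeffekt; provide on command line -->
+<universe.consumer.password></universe.consumer.password>
+<universe.consumer.keys></universe.consumer.keys>
+</properties>
+
+<build>
+<plugins>
+<!-- plugin to scan the input directory for files -->
+<plugin>
+<groupId>org.metaeffekt.core</groupId>
+<artifactId>ae-inventory-maven-plugin</artifactId>
+</plugin>
+
+<!-- plugin performing the license scan on the identified items -->
+<plugin>
+<groupId>com.metaeffekt.artifact.analysis</groupId>
+<artifactId>ae-artifact-analysis-plugin</artifactId>
+</plugin>
+
+</plugins>
+
+<pluginManagement>
+<plugins>
+
+<plugin>
+<groupId>org.metaeffekt.core</groupId>
+<artifactId>ae-inventory-maven-plugin</artifactId>
+<version>${ae.core.version}</version>
+<executions>
+
+<execution>
+<id>prepare-scan-directory</id>
+<goals>
+<goal>prepare-scan-directory</goal>
+</goals>
+<phase>generate-sources</phase>
+<configuration>
+<inputDirectory>${source.dir}</inputDirectory>
+<scanDirectory>${project.build.directory}/scan</scanDirectory>
+<scanIncludes>
+<include>**/*</include>
+</scanIncludes>
+<scanExcludes>
+<exclude>---nothing---</exclude>
+</scanExcludes>
+</configuration>
+</execution>
+
+<execution>
+<id>create-scan-report</id>
+<goals>
+<goal>create-directory-report</goal>
+</goals>
+<phase>process-sources</phase>
+<configuration>
+<scanDirectory>${project.build.directory}/scan</scanDirectory>
+
+<enableImplicitUnpack>false</enableImplicitUnpack>
+<includeEmbedded>true</includeEmbedded>
+<enableDetectComponentPatterns>true</enableDetectComponentPatterns>
+
+<failOnError>false</failOnError>
+<failOnBanned>false</failOnBanned>
+<failOnDowngrade>false</failOnDowngrade>
+<failOnUnknown>false</failOnUnknown>
+<failOnUnknownVersion>false</failOnUnknownVersion>
+<failOnDevelopment>false</failOnDevelopment>
+<failOnInternal>false</failOnInternal>
+<failOnUpgrade>false</failOnUpgrade>
+<failOnMissingLicense>false</failOnMissingLicense>
+<failOnMissingLicenseFile>false</failOnMissingLicenseFile>
+<failOnMissingNotice>false</failOnMissingNotice>
+
+<!-- REMARKS:
+- the inventory may also consist of controls to further unpack archives in the
+source tree. It can be more than component patterns
+-->
+<!-- NOTE: dedicated definition for component patterns -->
+<sourceInventoryDir>${project.basedir}/src/analysis</sourceInventoryDir>
+<sourceInventoryIncludes>component-patterns.xls</sourceInventoryIncludes>
+
+<scanIncludes>**/*</scanIncludes>
+<scanExcludes>-none-</scanExcludes>
+
+
+<targetInventoryDir>${project.build.directory}/inventory</targetInventoryDir>
+</configuration>
+</execution>
+</executions>
+</plugin>
+
+<plugin>
+<groupId>com.metaeffekt.artifact.analysis</groupId>
+<artifactId>ae-artifact-analysis-plugin</artifactId>
+<version>${ae.artifact.analysis.version}</version>
+<executions>
+<execution>
+<id>extract</id>
+<goals>
+<goal>extract-artifacts</goal>
+</goals>
+<phase>compile</phase>
+<configuration>
+<!-- NOTE: dedicated definition for component patterns -->
+<referenceInventoryDir>${project.basedir}/src/analysis/</referenceInventoryDir>
+<referenceInventoryIncludes>component-patterns.xls</referenceInventoryIncludes>
+</configuration>
+</execution>
+<execution>
+<id>scan</id>
+<goals>
+<goal>scan-artifacts</goal>
+<goal>report-artifacts</goal>
+</goals>
+<phase>compile</phase>
+<configuration>
+<!-- NOTE: for scanning and reporting we use the reference inventory -->
+<referenceInventoryDir>${project.basedir}/src/analysis</referenceInventoryDir>
+<referenceInventoryIncludes>reference-inventory.xls</referenceInventoryIncludes>
+</configuration>
+</execution>
+</executions>
+<configuration>
+<id>${project.artifactId}</id>
+
+<scanControlPropertiesFile>${project.basedir}/src/analysis/scan-control.properties</scanControlPropertiesFile>
+
+<tmdGroupId>com.metaeffekt.universe</tmdGroupId>
+<tmdArtifactId>ae-metaeffekt-universe</tmdArtifactId>
+<tmdVersion>${ae.universe.version}</tmdVersion>
+
+<userPassword>${universe.consumer.password}</userPassword>
+<userKeysFile>${universe.consumer.keys}</userKeysFile>
+</configuration>
+</plugin>
+</plugins>
+</pluginManagement>
+</build>
+
+</project>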
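Review bot: The comment above `universe.consumer.password` tells users to pass the license-key password on the command line, which leaves it in shell history, the process list and often CI job logs. Because this file is a template meant to be copied, prefer a default that reads the secret from the environment, e.g. `<universe.consumer.password>${env.UNIVERSE_CONSUMER_PASSWORD}</universe.consumer.password>` (the variable name is only an example), or point users to a profile property in `~/.m2/settings.xml`, and reword the comment to match. The `<userPassword>` element in the plugin configuration can stay as it is. Separately, `ae.artifact.analysis.version` is `0.104.0` here while scanners/example-scanner/pom.xml in the same commit uses `0.106.0`; if the difference is not intended, align the two.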
Binary file not shown.
Binary file not shown.
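--- a/scanners/scanner-template/src/analysis/scan-control.properties
+++ b/scanners/scanner-template/src/analysis/scan-control.properties
@@ -0,0 +1,34 @@
+# These includes/excludes apply to unpacked analysis folder of an artifact in the analysis folder and specify the
+# files included in the scanning process.
+analyze.metascan.license.includes=**/*
+analyze.metascan.license.excludes=\
+**/.DS_Store,**/._*,\
+**/.git/**/*,**/.git*,**/.git*,\
+**/.svn/**/*,\
+**/*.mp4,**/*.class,\
+**/*.so,**/*.so.*,**/*.a,\
+**/debug/core,**/Debug/core
+
+# Segmentation filter includes/ignores. These includes specify which scan results contribute to the derived results.
+# Licenses in filtered files are still reported as identified terms. Licenses in files that are ignored are not
+# # reported.
+analyze.scan.segmentation.ignore.includes=--none--
+analyze.scan.segmentation.filter.includes=--none--
+
+# enable scanning features
+analyze.scan.pom.enabled=true
+analyze.scan.license.enabled=true
+analyze.scan.segmentation.enabled=true
+
+# these scanning features require scancode; currently disabled
+analyze.scan.scancode.enabled=false
+analyze.scan.copyright.segmentation.enabled=true
+
+# control overwrites; false means that scans are not overwritten and reused to boost performance of the scan
+analyze.scan.license.overwrite=false
+analyze.scan.scancode.overwrite=false
+analyze.scan.segmentation.overwrite=false
+analyze.scan.copyright.segmentation.overwrite=false
+
+# forces html reports are produced when true
+analyze.metascan.report.force=false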
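Review bot: `analyze.scan.copyright.segmentation.enabled=true` sits under the comment "these scanning features require scancode; currently disabled" while `analyze.scan.scancode.enabled=false`, so the comment and the value contradict each other. If copyright segmentation does depend on scancode output, a scan from this template may silently produce no copyright results. Either set it to `false`, or move it out from under that comment with its own line such as `# copyright segmentation; does not require scancode`. Minor: `**/.git*` is listed twice in `analyze.metascan.license.excludes`, and `# # reported.` has a doubled comment marker.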
