Package org.spdx.maven.utils

Class SpdxV2DependencyBuilder

java.lang.Object
org.spdx.maven.utils.AbstractDependencyBuilder
org.spdx.maven.utils.SpdxV2DependencyBuilder
public class SpdxV2DependencyBuilder extends AbstractDependencyBuilder
Builds dependencies for a parent package based on Maven dependency information
Author:
Gary O'Neall

  • Constructor Details

    • SpdxV2DependencyBuilder

      public SpdxV2DependencyBuilder(SpdxV2DocumentBuilder builder, boolean createExternalRefs, boolean generatePurls, boolean useArtifactID, boolean includeTransitiveDependencies)
      Parameters:
      builder - The document builder
      createExternalRefs - if true, create external references for dependencies
      generatePurls - if true, generate a Package URL and include as an external identifier for the dependencies
      useArtifactID - if true, use the artifact ID for the name of the dependency package, otherwise use the Maven configured project name
      includeTransitiveDependencies - If true, include transitive dependencies, otherwise include only direct dependencies

  • Method Details

    • spdxDocumentFromFile

      protected static org.spdx.library.model.v2.SpdxDocument spdxDocumentFromFile(String path) throws FileNotFoundException, IOException, org.spdx.core.InvalidSPDXAnalysisException
      Creates an SPDX document from a file
      Parameters:
      path - Path to the SPDX file
      Returns:
      an SPDX Spec version 2 document
      Throws:
      IOException - on IO Error
      FileNotFoundException - if the file does not exist
      org.spdx.core.InvalidSPDXAnalysisException - on invalid SPDX file

    • findMatchingDescribedPackage

      protected static org.spdx.library.model.v2.SpdxPackage findMatchingDescribedPackage(org.spdx.library.model.v2.SpdxDocument externalSpdxDoc, String artifactId) throws org.spdx.core.InvalidSPDXAnalysisException
      Searched the described packages for the SPDX document for the closest matching package to the artifactId
      Parameters:
      externalSpdxDoc - Doc containing the package
      artifactId - Maven artifact ID
      Returns:
      the closest matching package described by the doc
      Throws:
      org.spdx.core.InvalidSPDXAnalysisException - on SPDX errors

    • addMavenDependency

      protected void addMavenDependency(org.spdx.core.CoreModelObject parentPackage, org.apache.maven.shared.dependency.graph.DependencyNode dependencyNode, org.apache.maven.project.ProjectBuilder mavenProjectBuilder, org.apache.maven.execution.MavenSession session, org.apache.maven.project.MavenProject mavenProject) throws LicenseMapperException, org.spdx.core.InvalidSPDXAnalysisException
      Throws:
      LicenseMapperException
      org.spdx.core.InvalidSPDXAnalysisException