Difference between revisions of "MVN Plugin"
(→Multi-Scan Projects) |
|||
(27 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
Globalyzer has a number of clients: The Workbench, the command line interface, Lite, the Ant client, and the MVN plugin. When using a MVN project, you can add code scanning with Globalyzer using our MVN plugin. |
Globalyzer has a number of clients: The Workbench, the command line interface, Lite, the Ant client, and the MVN plugin. When using a MVN project, you can add code scanning with Globalyzer using our MVN plugin. |
||
− | It is well suited for use within automation routines and Continuous Integration (CI) systems as well as within a typical developer environment, for instance within |
+ | It is well suited for use within automation routines and Continuous Integration (CI) systems as well as within a typical developer environment, for instance within Integrated Development Environments (IDEs). |
− | The Globalyzer MVN plugin generates scan reports to a directory specified the pom.xml file. Scan reports are available in a variety of formats. We ask our MVN customers to install the MVN plugin in a private MVN repository for that company. |
+ | The Globalyzer MVN plugin generates scan reports to a directory specified in the pom.xml file. Scan reports are available in a variety of formats. We ask our MVN customers to install the MVN plugin in a private MVN repository for that company. |
The steps to use the Globalyzer MVN plugin are the same as any MVN plugin: |
The steps to use the Globalyzer MVN plugin are the same as any MVN plugin: |
||
Line 12: | Line 12: | ||
== Install the Globalyzer MVN Plugin == |
== Install the Globalyzer MVN Plugin == |
||
+ | The MVN plugin can be downloaded from the Client Download Page on the Globalyzer Server. |
||
− | For those customers who require the MVN plugin, we make the globalyzer-mvn-plugin-x.y.z.jar file available for download. We ask that this jar file be installed in a private MVN repository at the customer's side. |
||
+ | The file name is globalyzer-maven-plugin-x.y.z_#.jar where x.y.z_# is the version (including build number) for the plugin, for instance 6.1.0_22. We ask that this jar file be installed in a private MVN repository at the customer's site. |
||
+ | For example, a developer who wants to install the plugin in their local .m2 repository can use the following installation command, provided for version <code>6.1.0</code> of the MVN plugin. The same applies to other versions. |
||
+ | |||
+ | C:\Users\Yourname>'''mvn install:install-file''' -Dfile="C:/Path/to/the/plugin/jarfile/'''globalyzer-maven-plugin-6.1.0_22.jar'''" -DgroupId='''com.lingoport.globalyzer.client.maven''' -DartifactId='''globalyzer-maven-plugin''' -Dversion='''6.1.0''' -Dpackaging='''maven-plugin''' |
||
+ | [INFO] Scanning for projects... |
||
+ | [INFO] |
||
+ | [INFO] ------------------------------------------------------------------------ |
||
+ | [INFO] Building Maven Stub Project (No POM) 1 |
||
+ | [INFO] ------------------------------------------------------------------------ |
||
+ | [INFO] |
||
+ | [INFO] --- maven-install-plugin:2.4:install-file (default-cli) @ standalone-pom --- |
||
+ | [INFO] Installing C:\Linternal\Installers\install\globalyzer-maven-plugin-6.1.0_22.jar to C:\Users\Yourname\.m2\repository\com\lingoport\globalyzer\client\maven\globalyzer-maven-plugin\6.1.0\globalyzer-maven-plugin-6.1.0_22.jar |
||
+ | [INFO] ------------------------------------------------------------------------ |
||
+ | [INFO] BUILD SUCCESS |
||
+ | [INFO] ------------------------------------------------------------------------ |
||
+ | [INFO] Total time: 0.615 s |
||
+ | [INFO] Finished at: 2016-09-09T15:49:59-06:00 |
||
+ | [INFO] Final Memory: 7M/123M |
||
+ | [INFO] ------------------------------------------------------------------------ |
||
== Configure the Globalyzer MVN Plugin == |
== Configure the Globalyzer MVN Plugin == |
||
Line 21: | Line 40: | ||
<groupId>com.lingoport.globalyzer.client.maven</groupId> |
<groupId>com.lingoport.globalyzer.client.maven</groupId> |
||
<artifactId>globalyzer-maven-plugin</artifactId> |
<artifactId>globalyzer-maven-plugin</artifactId> |
||
− | <version> |
+ | <version>6.1.0</version> |
<configuration> |
<configuration> |
||
− | '''-required- ''' |
+ | '''-required - ''' |
+ | '''- session level settings - ''' |
||
− | <username>joe@company.com</username> |
||
− | < |
+ | <username>joe@company.com</username> |
+ | <password>joespw</password> |
||
− | <ruleSetName>Java Rule Set</ruleSetName> |
||
− | '''- |
+ | '''- scan level settings - ''' |
+ | <ruleSetName>Java Rule Set</ruleSetName> |
||
− | <serverUrl></serverUrl> (default: https://www.globalyzer.com/gzserver) |
||
+ | '''-optional -''' |
||
− | <dataDictionaryDir></dataDictionaryDir> ( default: userhome/.globalyzer ) |
||
+ | '''- session level settings -''' |
||
− | <projectName></projectName> ( default: project artifact ) |
||
− | < |
+ | <serverUrl></serverUrl> (default: https://www.globalyzer.com/gzserver) |
− | < |
+ | <dataDictionaryDir></dataDictionaryDir> ( default: userhome/.globalyzer ) |
− | < |
+ | <scanTimeout></scanTimeout> ( default: 120 seconds ) |
− | < |
+ | <filterWithDictionary></filterWithDictionary> ( default: true ) |
− | < |
+ | <setLog4jProperties></setLog4jProperties> ( default: true ) |
+ | <log4jPropertiesFileDir></log4jPropertiesFileDir> ( default: Globalyzer provided ) |
||
− | <!-- choices: --> |
||
+ | <enhancedScanning></enhancedScanning> ( default: true ) |
||
− | <!-- ScanDetailedXML --> |
||
+ | <clearCache></clearCache> ( default: false ) |
||
− | <!-- ScanDetailedExcel --> |
||
− | + | '''- scan level settings -''' |
|
− | + | <projectName></projectName> ( default: project artifact ) |
|
+ | <projectDir></projectDir> ( default: project src/main/java ) |
||
− | <!-- ScanSummaryText --> |
||
− | < |
+ | <ruleSetOwner></ruleSetOwner> ( default: username ) |
− | < |
+ | <scanName></scanName> ( default: auto-generate ) |
+ | <!-- choices: --> |
||
− | <setLog4jProperties></setLog4jProperties> ( default: true ) |
||
− | + | <!-- ScanDetailedXML --> |
|
+ | <!-- ScanDetailedExcel --> |
||
+ | <!-- ScanDetailedCSV --> |
||
+ | <!-- ScanSummaryHtml --> |
||
+ | <!-- ScanSummaryText --> |
||
+ | <reportType></reportType> ( default: ScanDetailedXML ) |
||
+ | <reportPath></reportPath> ( default: target/i18n ) |
||
</configuration> |
</configuration> |
||
</plugin> |
</plugin> |
||
+ | |||
+ | Notes: |
||
+ | * The <b><code>session level settings </code></b> are set once per MVN invocation. Whichever scan / project goal is executed first, its configuration will be set for all the subsequent scans |
||
+ | * The <code>log4jPropertiesFileDir</code> is precisely that: which log4j <b>configuration</b> file to use if <code>setLog4jProperties</code> is set to true. For example, if that setting points to <code>/path/to/log4j.properties</code> and in that configuration, the appender points to <code>/path/to/globalyzer/log</code>, that's where the logs will be written out. |
||
+ | * Best would be to have the <b>exact same configuration</b> for all Globalyzer goals to make sure one configuration is not taking over the other ones. |
||
+ | * By default, <code>enhancedScanning</code> takes place. However, this detailed scanning takes a lot of memory. If you find that you are running out of memory when scanning, try setting this to false. |
||
+ | * By default, <code>clearCache</code> is set to false. This attribute only makes sense if <code>enhancedScanning</code> is set to true. It's a way to try to reduce the amount of memory used when performing detailed scanning. |
||
+ | |||
== Running Globalyzer MVN Plugin From The Command Prompt / Shell == |
== Running Globalyzer MVN Plugin From The Command Prompt / Shell == |
||
Line 53: | Line 86: | ||
Globalyzer MVN Plugin can be executed from a command prompt or shell via the following command: |
Globalyzer MVN Plugin can be executed from a command prompt or shell via the following command: |
||
− | <code>mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin: |
+ | <code>mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:6.1.0:scan</code> |
− | After MVN finishes each scan, a Globalyzer report per scan is created at the location specified in the pom.xml report path. The default location for the reports are target/i18n for each MVN module. |
+ | After MVN finishes each scan, a Globalyzer report per scan is created at the location specified in the pom.xml report path. The default location for the reports are target/i18n for each MVN module. |
+ | If you have configured the execution to be in the <code>validate</code> phase, you can run the simpler command: |
||
− | == Multi-Threaded Support == |
||
− | The Globalyzer MVN plugin supports multi-threaded invocation. For instance, on multi-module projects, use the -T option. For instance: |
||
+ | <code>mvn validate</code> |
||
− | <code>mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:5.2.1:scan -Pglobalyzer -T 1.0C</code> |
||
+ | |||
+ | (See the multi-scan example below) |
||
+ | |||
+ | == Multi-Threaded Support == |
||
+ | The Globalyzer MVN plugin does not support multi-threaded invocation. |
||
== Multi-Scan Projects == |
== Multi-Scan Projects == |
||
− | To execute more than one scan on a MVN project, use "execution |
+ | To execute more than one scan on a MVN project, use as many "execution" as you have rule sets to apply to scan the code. For instance, two scans will be performed with the following snippet, one using the <code>testjava</code> rule set, the other using the <code>testjavascript</code> rule set: |
<plugin> |
<plugin> |
||
<groupId>com.lingoport.globalyzer.client.maven</groupId> |
<groupId>com.lingoport.globalyzer.client.maven</groupId> |
||
<artifactId>globalyzer-maven-plugin</artifactId> |
<artifactId>globalyzer-maven-plugin</artifactId> |
||
− | <version> |
+ | <version>6.1.0</version> |
<executions> |
<executions> |
||
<execution> |
<execution> |
||
− | <id>execution1</id> |
+ | '''<id>execution1</id> |
− | <phase>validate</phase> |
+ | <phase>validate</phase'''> |
<configuration> |
<configuration> |
||
− | <username>bob@ |
+ | <username>bob@yourcompany.com</username> |
− | <password> |
+ | <password>bobpassword</password> |
− | <ruleSetName>testjava</ruleSetName> |
+ | '''<ruleSetName>testjava</ruleSetName>''' |
<scanName>java-report</scanName> |
<scanName>java-report</scanName> |
||
</configuration> |
</configuration> |
||
<goals> |
<goals> |
||
− | <goal>scan</goal> |
+ | '''<goal>scan</goal>''' |
</goals> |
</goals> |
||
</execution> |
</execution> |
||
<execution> |
<execution> |
||
− | <id>execution2</id> |
+ | '''<id>execution2</id> |
− | <phase>validate</phase> |
+ | <phase>validate</phase>''' |
<configuration> |
<configuration> |
||
− | <username>bob@ |
+ | <username>bob@yourcompany.com</username> |
− | <password> |
+ | <password>bobpassword</password> |
− | <ruleSetName>testjavascript</ruleSetName> |
+ | '''<ruleSetName>testjavascript</ruleSetName>''' |
<scanName>javascript-report</scanName> |
<scanName>javascript-report</scanName> |
||
</configuration> |
</configuration> |
||
<goals> |
<goals> |
||
− | <goal>scan</goal> |
+ | '''<goal>scan</goal>''' |
</goals> |
</goals> |
||
</execution> |
</execution> |
||
Line 103: | Line 140: | ||
== Sharing pom.xml Files Between IDEs and Build Systems == |
== Sharing pom.xml Files Between IDEs and Build Systems == |
||
− | It is common to check in a single pom.xml per code repository. However, some configuration on a developer's laptop may be different from a build system. |
+ | It is common to check in a single <code>pom.xml</code> per code repository. However, some configuration on a developer's laptop may be different from a build system. |
A possibility to bridge the environment is to keep the most Globalyzer specific configuration only in the pom.xml file and to move the system side in the settings.xml file. |
A possibility to bridge the environment is to keep the most Globalyzer specific configuration only in the pom.xml file and to move the system side in the settings.xml file. |
Latest revision as of 23:29, 23 March 2018
Globalyzer has a number of clients: The Workbench, the command line interface, Lite, the Ant client, and the MVN plugin. When using a MVN project, you can add code scanning with Globalyzer using our MVN plugin. It is well suited for use within automation routines and Continuous Integration (CI) systems as well as within a typical developer environment, for instance within Integrated Development Environments (IDEs).
The Globalyzer MVN plugin generates scan reports to a directory specified in the pom.xml file. Scan reports are available in a variety of formats. We ask our MVN customers to install the MVN plugin in a private MVN repository for that company.
The steps to use the Globalyzer MVN plugin are the same as any MVN plugin:
- Install the plugin
- Configure the pom.xml
- Run MVN
Contents
Install the Globalyzer MVN Plugin
The MVN plugin can be downloaded from the Client Download Page on the Globalyzer Server. The file name is globalyzer-maven-plugin-x.y.z_#.jar where x.y.z_# is the version (including build number) for the plugin, for instance 6.1.0_22. We ask that this jar file be installed in a private MVN repository at the customer's site.
For example, a developer who wants to install the plugin in their local .m2 repository can use the following installation command, provided for version 6.1.0
of the MVN plugin. The same applies to other versions.
C:\Users\Yourname>mvn install:install-file -Dfile="C:/Path/to/the/plugin/jarfile/globalyzer-maven-plugin-6.1.0_22.jar" -DgroupId=com.lingoport.globalyzer.client.maven -DartifactId=globalyzer-maven-plugin -Dversion=6.1.0 -Dpackaging=maven-plugin [INFO] Scanning for projects... [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building Maven Stub Project (No POM) 1 [INFO] ------------------------------------------------------------------------ [INFO] [INFO] --- maven-install-plugin:2.4:install-file (default-cli) @ standalone-pom --- [INFO] Installing C:\Linternal\Installers\install\globalyzer-maven-plugin-6.1.0_22.jar to C:\Users\Yourname\.m2\repository\com\lingoport\globalyzer\client\maven\globalyzer-maven-plugin\6.1.0\globalyzer-maven-plugin-6.1.0_22.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 0.615 s [INFO] Finished at: 2016-09-09T15:49:59-06:00 [INFO] Final Memory: 7M/123M [INFO] ------------------------------------------------------------------------
Configure the Globalyzer MVN Plugin
The <build><plugins>
section of your module's pom.xml file must be configured. Here is how:
<plugin> <groupId>com.lingoport.globalyzer.client.maven</groupId> <artifactId>globalyzer-maven-plugin</artifactId> <version>6.1.0</version> <configuration> -required - - session level settings - <username>joe@company.com</username> <password>joespw</password> - scan level settings - <ruleSetName>Java Rule Set</ruleSetName> -optional - - session level settings - <serverUrl></serverUrl> (default: https://www.globalyzer.com/gzserver) <dataDictionaryDir></dataDictionaryDir> ( default: userhome/.globalyzer ) <scanTimeout></scanTimeout> ( default: 120 seconds ) <filterWithDictionary></filterWithDictionary> ( default: true ) <setLog4jProperties></setLog4jProperties> ( default: true ) <log4jPropertiesFileDir></log4jPropertiesFileDir> ( default: Globalyzer provided ) <enhancedScanning></enhancedScanning> ( default: true ) <clearCache></clearCache> ( default: false ) - scan level settings - <projectName></projectName> ( default: project artifact ) <projectDir></projectDir> ( default: project src/main/java ) <ruleSetOwner></ruleSetOwner> ( default: username ) <scanName></scanName> ( default: auto-generate ) <reportType></reportType> ( default: ScanDetailedXML ) <reportPath></reportPath> ( default: target/i18n ) </configuration> </plugin>
Notes:
- The
session level settings
are set once per MVN invocation. Whichever scan / project goal is executed first, its configuration will be set for all the subsequent scans - The
log4jPropertiesFileDir
is precisely that: which log4j configuration file to use ifsetLog4jProperties
is set to true. For example, if that setting points to/path/to/log4j.properties
and in that configuration, the appender points to/path/to/globalyzer/log
, that's where the logs will be written out. - Best would be to have the exact same configuration for all Globalyzer goals to make sure one configuration is not taking over the other ones.
- By default,
enhancedScanning
takes place. However, this detailed scanning takes a lot of memory. If you find that you are running out of memory when scanning, try setting this to false. - By default,
clearCache
is set to false. This attribute only makes sense ifenhancedScanning
is set to true. It's a way to try to reduce the amount of memory used when performing detailed scanning.
Running Globalyzer MVN Plugin From The Command Prompt / Shell
Globalyzer MVN Plugin can be executed from a command prompt or shell via the following command:
mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:6.1.0:scan
After MVN finishes each scan, a Globalyzer report per scan is created at the location specified in the pom.xml report path. The default location for the reports are target/i18n for each MVN module.
If you have configured the execution to be in the validate
phase, you can run the simpler command:
mvn validate
(See the multi-scan example below)
Multi-Threaded Support
The Globalyzer MVN plugin does not support multi-threaded invocation.
Multi-Scan Projects
To execute more than one scan on a MVN project, use as many "execution" as you have rule sets to apply to scan the code. For instance, two scans will be performed with the following snippet, one using the testjava
rule set, the other using the testjavascript
rule set:
<plugin> <groupId>com.lingoport.globalyzer.client.maven</groupId> <artifactId>globalyzer-maven-plugin</artifactId> <version>6.1.0</version> <executions> <execution> <id>execution1</id> <phase>validate</phase> <configuration> <username>bob@yourcompany.com</username> <password>bobpassword</password> <ruleSetName>testjava</ruleSetName> <scanName>java-report</scanName> </configuration> <goals> <goal>scan</goal> </goals> </execution> <execution> <id>execution2</id> <phase>validate</phase> <configuration> <username>bob@yourcompany.com</username> <password>bobpassword</password> <ruleSetName>testjavascript</ruleSetName> <scanName>javascript-report</scanName> </configuration> <goals> <goal>scan</goal> </goals> </execution> </executions> </plugin>
Sharing pom.xml Files Between IDEs and Build Systems
It is common to check in a single pom.xml
per code repository. However, some configuration on a developer's laptop may be different from a build system.
A possibility to bridge the environment is to keep the most Globalyzer specific configuration only in the pom.xml file and to move the system side in the settings.xml file.