Difference between revisions of "MVN Plugin"
Line 68: | Line 68: | ||
<!-- ScanSummaryText --> |
<!-- ScanSummaryText --> |
||
<reportType></reportType> ( default: ScanDetailedXML ) |
<reportType></reportType> ( default: ScanDetailedXML ) |
||
− | <reportPath></reportPath> ( default: target/i18n ) |
+ | <reportPath></reportPath> ( default: target/i18n ) |
− | |||
</configuration> |
</configuration> |
||
</plugin> |
</plugin> |
Revision as of 18:28, 27 September 2016
Globalyzer has a number of clients: The Workbench, the command line interface, Lite, the Ant client, and the MVN plugin. When using a MVN project, you can add code scanning with Globalyzer using our MVN plugin. It is well suited for use within automation routines and Continuous Integration (CI) systems as well as within a typical developer environment, for instance within an Integrated Development Environments (IDEs).
The Globalyzer MVN plugin generates scan reports to a directory specified the pom.xml file. Scan reports are available in a variety of formats. We ask our MVN customers to install the MVN plugin in a private MVN repository for that company.
The steps to use the Globalyzer MVN plugin are the same as any MVN plugin:
- Install the plugin
- Configure the pom.xml
- Run MVN
Contents
Install the Globalyzer MVN Plugin
For those customers who require the MVN plugin, we make the globalyzer-maven-plugin-x.y.z-jar-with-dependencies.jar file available for downloadm where x.y.z is the version for the plugin, for instance 5.2.1. We ask that this jar file be installed in a private MVN repository at the customer's side.
You first need to get the file from a secure FTP location, which will be sent to customers who request it. Lingoport customers can request the MVN plugin by sending an email to support at lingoport dot com
For example, a developer who wants to install the plugin in their local .m2 repository can use the following installation command, provided for a version 5.2.1
of the MVN plugin. The same applies to other versions.t
C:\Users\Yourname>mvn install:install-file -Dfile="C:\Path\to\the\plugin\jarfile\globalyzer-maven-plugin-5.2.1-jar-with-dependencies.jar" -DgroupId=com.lingoport.globalyzer.client.maven -DartifactId=globalyzer-maven-plugin -Dversion=5.2.1 -Dpackaging=maven-plugin [INFO] Scanning for projects... [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building Maven Stub Project (No POM) 1 [INFO] ------------------------------------------------------------------------ [INFO] [INFO] --- maven-install-plugin:2.4:install-file (default-cli) @ standalone-pom --- [INFO] Installing C:\Linternal\Installers\install\globalyzer-maven-plugin-5.2.1.jar to C:\Users\Yourname\.m2\repository\com\lingoport\globalyzer\client\maven\globalyzer-maven-plugin\5.2.1\globalyzer-maven-plugin-5.2.1.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 0.615 s [INFO] Finished at: 2016-09-09T15:49:59-06:00 [INFO] Final Memory: 7M/123M [INFO] ------------------------------------------------------------------------
Configure the Globalyzer MVN Plugin
The <build><plugins>
section of your module's pom.xml file must be configured. Here is how:
<plugin> <groupId>com.lingoport.globalyzer.client.maven</groupId> <artifactId>globalyzer-maven-plugin</artifactId> <version>5.2.1</version> <configuration> -required - - session level settings - <username>joe@company.com</username> <password>joespw</password> - scan level settings - <ruleSetName>Java Rule Set</ruleSetName> -optional - - session level settings - <serverUrl></serverUrl> (default: https://www.globalyzer.com/gzserver) <dataDictionaryDir></dataDictionaryDir> ( default: userhome/.globalyzer ) <scanTimeout></scanTimeout> ( default: 120 seconds ) <filterWithDictionary></filterWithDictionary> ( default: true ) <setLog4jProperties></setLog4jProperties> ( default: true ) <log4jPropertiesFileDir></log4jPropertiesFileDir> ( default: Globalyzer provided ) - scan level settings - <projectName></projectName> ( default: project artifact ) <projectDir></projectDir> ( default: project src/main/java ) <ruleSetOwner></ruleSetOwner> ( default: username ) <scanName></scanName> ( default: auto-generate ) <reportType></reportType> ( default: ScanDetailedXML ) <reportPath></reportPath> ( default: target/i18n ) </configuration> </plugin>
Notes:
- The session level settings are set once per MVN invocation. Whichever scan / project goal is executed first, its configuration will be set for all the subsequent scans
- The
log4jPropertiesFileDir
is precisely that: which log4j configuration file to use is thesetLog4jProperties/code> is set to true. For for example, if that setting points to
/path/to/log4j.properties
and in that configuration, the appender points to/path/to/globalyzer/log
, that's where the logs will be written out. - Best would be to have the exact same configuration for all Globalyzer goals to make sure one configuration is not taking over the other ones.
Running Globalyzer MVN Plugin From The Command Prompt / Shell
Globalyzer MVN Plugin can be executed from a command prompt or shell via the following command:
mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:5.2.1:scan
After MVN finishes each scan, a Globalyzer report per scan is created at the location specified in the pom.xml report path. The default location for the reports are target/i18n for each MVN module.
If you have configured the execution to be in the validate
phase, you can run the simpler command:
mvn validate
(See the multi-scan example below)
Multi-Threaded Support
The Globalyzer MVN plugin supports multi-threaded invocation. For instance, on multi-module projects, use the -T option. For instance:
mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:5.2.1:scan -Pglobalyzer -T1.0C
If you have configured the execution to be in the validate
phase, you can run the simpler command:
mvn validate -T1.0C
(See the multi-scan example below)
Multi-Scan Projects
To execute more than one scan on a MVN project, use as many "execution" as you have rule sets to apply to scan the code. For instance, two scans will be performed with the following snippet, one using the testjava
rule set, the other using the testjavascript
rule set:
<plugin>
<groupId>com.lingoport.globalyzer.client.maven</groupId>
<artifactId>globalyzer-maven-plugin</artifactId>
<version>5.2.1</version>
<executions>
<execution>
<id>execution1</id>
<phase>validate</phase>
<configuration>
<username>bob@yourcompany.com</username>
<password>bobpassword</password>
<ruleSetName>testjava</ruleSetName>
<scanName>java-report</scanName>
</configuration>
<goals>
<goal>scan</goal>
</goals>
</execution>
<execution>
<id>execution2</id>
<phase>validate</phase>
<configuration>
<username>bob@yourcompany.com</username>
<password>bobpassword</password>
<ruleSetName>testjavascript</ruleSetName>
<scanName>javascript-report</scanName>
</configuration>
<goals>
<goal>scan</goal>
</goals>
</execution>
</executions>
</plugin>
Sharing pom.xml Files Between IDEs and Build Systems
It is common to check in a single pom.xml
per code repository. However, some configuration on a developer's laptop may be different from a build system.
A possibility to bridge the environment is to keep the most Globalyzer specific configuration only in the pom.xml file and to move the system side in the settings.xml file.