MVN Plugin

From Lingoport Wiki
Revision as of 18:03, 17 November 2016 by Lcameron (talk | contribs)
Jump to: navigation, search

Globalyzer has a number of clients: The Workbench, the command line interface, Lite, the Ant client, and the MVN plugin. When using a MVN project, you can add code scanning with Globalyzer using our MVN plugin. It is well suited for use within automation routines and Continuous Integration (CI) systems as well as within a typical developer environment, for instance within Integrated Development Environments (IDEs).

The Globalyzer MVN plugin generates scan reports to a directory specified in the pom.xml file. Scan reports are available in a variety of formats. We ask our MVN customers to install the MVN plugin in a private MVN repository for that company.

The steps to use the Globalyzer MVN plugin are the same as any MVN plugin:

  • Install the plugin
  • Configure the pom.xml
  • Run MVN


Install the Globalyzer MVN Plugin

The MVN plugin can be downloaded from the Client Download Page on the Globalyzer Server. The file name is globalyzer-maven-plugin-x.y.z.jar where x.y.z is the version for the plugin, for instance 5.3.0. We ask that this jar file be installed in a private MVN repository at the customer's site.

For example, a developer who wants to install the plugin in their local .m2 repository can use the following installation command, provided for version 5.3.0 of the MVN plugin. The same applies to other versions.

 C:\Users\Yourname>mvn install:install-file -Dfile="C:/Path/to/the/plugin/jarfile/globalyzer-maven-plugin-5.3.0.jar" -DgroupId=com.lingoport.globalyzer.client.maven -DartifactId=globalyzer-maven-plugin -Dversion=5.3.0 -Dpackaging=maven-plugin
 [INFO] Scanning for projects...
 [INFO]
 [INFO] ------------------------------------------------------------------------
 [INFO] Building Maven Stub Project (No POM) 1
 [INFO] ------------------------------------------------------------------------
 [INFO]
 [INFO] --- maven-install-plugin:2.4:install-file (default-cli) @ standalone-pom ---
 [INFO] Installing C:\Linternal\Installers\install\globalyzer-maven-plugin-5.3.0.jar to C:\Users\Yourname\.m2\repository\com\lingoport\globalyzer\client\maven\globalyzer-maven-plugin\5.3.0\globalyzer-maven-plugin-5.3.0.jar
 [INFO] ------------------------------------------------------------------------
 [INFO] BUILD SUCCESS
 [INFO] ------------------------------------------------------------------------
 [INFO] Total time: 0.615 s
 [INFO] Finished at: 2016-09-09T15:49:59-06:00
 [INFO] Final Memory: 7M/123M
 [INFO] ------------------------------------------------------------------------

Configure the Globalyzer MVN Plugin

The <build><plugins> section of your module's pom.xml file must be configured. Here is how:

 <plugin>
 <groupId>com.lingoport.globalyzer.client.maven</groupId>
 <artifactId>globalyzer-maven-plugin</artifactId>
 <version>5.3.0</version>
 <configuration>
     -required - 
          - session level settings - 
          <username>joe@company.com</username>
          <password>joespw</password>
          - scan level settings - 
          <ruleSetName>Java Rule Set</ruleSetName>
     -optional -
          - session level settings -
          <serverUrl></serverUrl>  (default: https://www.globalyzer.com/gzserver)     
          <dataDictionaryDir></dataDictionaryDir>  ( default: userhome/.globalyzer )
          <scanTimeout></scanTimeout>  ( default: 120 seconds )
          <filterWithDictionary></filterWithDictionary> ( default: true )
          <setLog4jProperties></setLog4jProperties>  ( default: true )
          <log4jPropertiesFileDir></log4jPropertiesFileDir> ( default: Globalyzer provided )    
          <enhancedScanning></enhancedScanning> ( default: true )
          <clearCache></clearCache>  ( default: false )
          - scan level settings -    
          <projectName></projectName>  ( default: project artifact )    
          <projectDir></projectDir>  ( default: project src/main/java )
          <ruleSetOwner></ruleSetOwner>  ( default: username )
          <scanName></scanName>  ( default: auto-generate ) 
          <reportType></reportType>  ( default: ScanDetailedXML )
          <reportPath></reportPath>  ( default: target/i18n )        
 </configuration>
 </plugin>

Notes:

  • The session level settings are set once per MVN invocation. Whichever scan / project goal is executed first, its configuration will be set for all the subsequent scans
  • The log4jPropertiesFileDir is precisely that: which log4j configuration file to use if setLog4jProperties is set to true. For example, if that setting points to /path/to/log4j.properties and in that configuration, the appender points to /path/to/globalyzer/log, that's where the logs will be written out.
  • Best would be to have the exact same configuration for all Globalyzer goals to make sure one configuration is not taking over the other ones.
  • By default, enhancedScanning takes place. However, this detailed scanning takes a lot of memory. If you find that you are running out of memory when scanning, try setting this to false.
  • By default, clearCache is set to false. This attribute only makes sense if enhancedScanning is set to true. It's a way to try to reduce the amount of memory used when performing detailed scanning.


Running Globalyzer MVN Plugin From The Command Prompt / Shell

Globalyzer MVN Plugin can be executed from a command prompt or shell via the following command:

mvn com.lingoport.globalyzer.client.maven:globalyzer-maven-plugin:5.3.0:scan

After MVN finishes each scan, a Globalyzer report per scan is created at the location specified in the pom.xml report path. The default location for the reports are target/i18n for each MVN module.


If you have configured the execution to be in the validate phase, you can run the simpler command:

mvn validate

(See the multi-scan example below)

Multi-Threaded Support

The Globalyzer MVN plugin does not support multi-threaded invocation.

Multi-Scan Projects

To execute more than one scan on a MVN project, use as many "execution" as you have rule sets to apply to scan the code. For instance, two scans will be performed with the following snippet, one using the testjava rule set, the other using the testjavascript rule set:

 <plugin>
       <groupId>com.lingoport.globalyzer.client.maven</groupId>
       <artifactId>globalyzer-maven-plugin</artifactId>
       <version>5.3.0</version>
       <executions>
         <execution>
           <id>execution1</id>
           <phase>validate</phase>
             <configuration>
             <username>bob@yourcompany.com</username>
             <password>bobpassword</password>
             <ruleSetName>testjava</ruleSetName>
             <scanName>java-report</scanName>
             </configuration>
              <goals>
                 <goal>scan</goal>
             </goals>            
         </execution>
         <execution>
         <id>execution2</id>
          <phase>validate</phase>
           <configuration>
             <username>bob@yourcompany.com</username>
             <password>bobpassword</password>
             <ruleSetName>testjavascript</ruleSetName>
             <scanName>javascript-report</scanName>
            </configuration>
            <goals>
              <goal>scan</goal>
            </goals>
         </execution>
       </executions>                  
 </plugin>

Sharing pom.xml Files Between IDEs and Build Systems

It is common to check in a single pom.xml per code repository. However, some configuration on a developer's laptop may be different from a build system.

A possibility to bridge the environment is to keep the most Globalyzer specific configuration only in the pom.xml file and to move the system side in the settings.xml file.