...
Element Name | Required/Default | Function |
---|---|---|
parentPomDir | Yes | This is the absolute path to the directory where the parent pom for the project is stored. This is parsed and used to
|
enforcerData V2 only | Yes | Absolute path to the folder where the keys (and if required) signatures for jars is located. See below. |
dataGroupId V3.0 | Yes | Maven coordinates of the project which contains the keys (and if required) signatures for jars. See below. |
dataKeyRing V3.0 | Yes | Absolute path to a keyring with keys which will be used to check the validity of the above specified jar file. |
jarDirs V2 only | Yes | Space separated list of absolute paths to directories to be checked. |
tgzFiles V3.0 |
| Space separated list of tar.gz files to be scanned. Supercedes jarFiles |
zipFiles V3.0 | Space separated list of zip files to be scanned. Supercedes jarFiles | |
checkSignatures | No / “true” | Whether to run signature checking on the contents |
sigCheckReportPath V3.0 | ${project.build.directory}\signatureReport.txt | Where to write the report of the signature checking. |
checkDependencies | No / “true” | Whether to run dependency analysis and report if any versions mismatch |
listJarSources | No / “false” | Whether, as part of the dependency check to do a reverse look up of artefact to source (this is a slow operation) |
depCheckReportPathV3.0 | ${project.build.directory}\dependencyReport.txt | Where to write the report of the signature checking. |
artifactMap V2 only | No/ ““ | An absolute path pointing to a property file which specifies the mapping from artifactId to groupId (for inherited dependencies which are not specified in the project pom files). The groupId is used to locate the keyring used to check the jar signatures. |
checkM2 | No/”false” | Whether all the non-source, non-test jar files in the users maven repository (~/.m2/repository) will be checked |
m2ReportPath V3.0 | ${project.build.directory}\m2SignatureReport.txt | Where to write the report of the m2 checking. |
...