customize mvn build command


#1

We have a repository with modules, and the modules depend on each other to build. DepShield is failing to find the just built snapshot of the dependency from the same repo because it insists on downloading the dependency from nexus, even though it was never installed there, and in normal local builds it will find it in its local machine repository.

A few thoughts come to mind on fixing this:

  1. DepShield does a mvn install command and provides a local repository.
  2. DepShield allows us to customize the build similar to how Travis CI does.
  3. others?

Thanks


#2

Thanks for the feedback, for our initial release we tried to balance CPU cycles spent and security concerns with overall ecosystem support. We will continue to tweak to find the best solution for all.

  1. DepShield does a mvn install command and provides a local repository.

Using feedback like yours we can best formulate an approach for projects who have a submodule dependent on the package or install phase of another to be complete. If your project is public, mind sharing it so we can use it as a data point in our future analysis?


#3

https://github.com/JohnDeere/work-tracker

  • Avery

#4

Thanks, I’ll make sure to ping you when we’ve figured out how to address projects like this.