I’d like to run a NexusIQ scan on each Java build regardless of whether the build is run on a developer’s machine or from a CI tool. This allows a developer to reproduce results generated from a CI tool on his local machine as well as detect/fix issues before committing to source control.
I attempted to use the NexusIQ Maven plugin to accomplish this. However, I have many multi-module projects where some of the sub-modules comprise entirely of test code which is not marked as such. I added the clm.skip=true property to these sub-modules and ran the Maven plugin from the project root. Unfortunately the results included vulnerabilities from the sub-modules marked for skip.
I need a means to run the evaluation goal of the Maven plugin and skip any sub-modules marked for skipping.