Possible to use DepShield on Multi-Module maven projects?


#1

I fail to use depShield on multi-module builds, like this one:

Of course some Modules depend on others, which seems to cause a problem when using depShield. Normal maven builds to work fine.

Is this expected behaviour?


#2

Hey @uwe, thanks for trying out DepShield. This seems similar to customize mvn build command so you can find some information there. The short of it is that we try

to balance CPU cycles spent and security concerns with overall ecosystem support

and have not implemented support for multi-module projects where the submodules rely on each other. This is still being entertained but I have no predictions if it will be implemented.


#3

Hello @uwe,

We have released multi-module support in DepShield. We have manually triggered a scan of repositories mentioned in tickets. Other repositories will require a change to their pom.xml to trigger a new scan.

Thanks!


#4

Thanks, eager to see it in action.


#5

The badge claims that it is still processing. Maybe i am too impatient, but is there a way to see the execution status or even logs?


#6

I verified the badge was available after re-processing Mercateo/jsonhoist yesterday (see screenshot). Is there another repository that you own that needs an update? If so: