I have been struggling with creating an aggregate goal that successfully works and I was hoping someone on this list could help. The plugin is dependency-check-maven <https://github.com/jeremylong/DependencyCheck/tree/master/dependency-check-maven>; it performs identification (CPE <https://nvd.nist.gov/cpe.cfm>) and known vulnerability (CVE <http://cve.mitre.org/>) reporting on dependencies used by the project.
In order to perform CPE identification, the plugin needs maven to resolve each modules’ dependencies. If we have a simple multi-module project: Parent -Child1 -Child2 If one defines the aggregate goal in the Parent, when the plugin executes dependency resolution (obviously) hasn’t executed on the child modules. As such, my plugin is unable analyze the dependencies of the child modules. I am currently using a hack, which turns out to be broken, that waits until the plugin executes in the last module in the reactor and then builds the aggregate report and over-writes the blank report that was generated when Parent was processed. This “worked” in many cases, but again fails for anything beyond site:site. Running site:stage, due to execution order, would copy the blank report into the staging directory prior to the correct report being generated. Does anyone have any suggestions for building an aggregate goal that requires dependency resolution of all child modules? Is there a convenient API that I am missing to trigger dependency resolution in child modeules? Thanks in advance, Jeremy
