The actual problem is that applicationFile is used to tell scan what application to read and scan. There are no options to control where the files are produced from application and project mojos...this is because the ounce tool has an expectation where they are. It's the same as the eclipse .project and .classpath files essentially. Just add them to svn ignore...
-----Original Message----- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 3:41 PM To: user@mojo.codehaus.org Subject: [mojo-user] Convincing the Ounce plugin to put files in 'target' I need some help with the Ounce plugin. The docs for the ounce:scan goal [1] mention: applicationFile String The location of the application file (.paf) to scan. Default value is ${basedir}/${project.artifactId}.paf. I have configured: <applicationFile>${project.build.directory}/${project.artifactId}</appli cationFile> then <applicationFile>target/${project.artifactId}.paf</applicationFile> and finally <applicationFile>stuff.paf</applicationFile>. I always get ounce-scan.paf in ${basedir} which matches the default ${basedir}]/${project.artifactId}.paf. Similarly, it ignores my configuration for the location of the assessment output xml file and always puts that in ${basedir}, as well as storing a .ppf file there for which I don't see any configuration options. This breaks the release process because those files are not under version control and are considered 'local changes'. (Since the files are generated during the build, I think it should default to them being in the target directory, but I'd settle for being able to configure it.) Does anyone see what's wrong, or have any other suggestions? This configuration came from another group internally and I'm not familiar with the Ounce Labs tool. The goal is to have the plugin configuration in an organization level parent pom, probably in a profile, so that it is inherited by all projects and scanning can be automated on the CI server. In the parent pom: <build> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>ounce-maven-plugin</artifactId> <configuration> <installDir>/usr/local/share/Ounce_Labs</installDir> <applicationFile>${project.build.directory}/${artifactId}.paf</applicati onFile> <includeTestSources>false</includeTestSources> <assessmentOutput>${project.build.directory}/${artifactId}-assessment.xm l</assessmentOutput> <publish>false</publish> <waitForScan>true</waitForScan> </configuration> <executions> <execution> <id>create-ounce-project</id> <goals> <goal>project-only</goal> <goal>application</goal> </goals> </execution> </executions> </plugin> ... This is used with "mvn clean install ounce:scan" on the CI server. We're using ounce-maven-plugin version 1.0, the version is set in pluginManagement in a parent pom. [1] http://mojo.codehaus.org/ounce-maven-plugin/scan-mojo.html Thanks, -- Wendy --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
