CodeLogic Maven Plug-in
The CodeLogic Maven Plug-in provides an easy way to integrate CodeLogic artifact scanning into an existing Maven build process. The plug-in is already included with your CodeLogic Server installation. Follow the steps below to configure and run the plug-in.
Create an Agent in CodeLogic
- Click Admin and then select the Agents tab.
- Click Create Agent.
- The Create Agent window opens.
- Enter a name for the agent in the Agent Name field.
- Optionally, enter a description in the Agent Description field.
- Click Save.
- A confirmation dialog box is displayed.
Important
Do not click OK or close your browser until you have copied the Agent ID AND Password. There is no way to retrieve this password.
Configure the Plug-in
Note
An example of a complete settings-override.xml file is provided here: Example settings-override.xml
- Open your settings-override.xml file.
- Add a mirror to your settings-override.xml file in the profiles section.
<profiles>
  <mirror>
    <id>codelogic</id>
    <mirrorOf>codelogic</mirrorOf>
    <url>https://localhost/codelogic/server</url>
  </mirror>
</profiles>
Note
The URL is the URL of your CodeLogic Server.
- Add a properties section.
The properties section must include:
codelogic.url - The URL of your CodeLogic Server.
codelogic.oauth.username - The Agent ID from above.
codelogic.oauth.password - The Password from above.
<profiles>
  <profile>
    <id>artifactory</id>
    <properties>
      <codelogic.url>http://localhost/codelogic/server</codelogic.url>
      <codelogic.oauth.username>ffffffff-ffff-ffff-ffff-ffffffffffff</codelogic.oauth.username>
      <codelogic.oauth.password>secret-passcode</codelogic.oauth.password>
    </properties>
  </profile>
</profiles>
Optionally, you may add any of the following configuration properties.
This is the full list of configuration properties, which can be specified globally within the settings.xml file or can be provided as configuration parameters within the plug-in configuration within a pom.xml file. Alternatively, these parameters can be provided directly on the command line while invoking mvn as -DpropertyName=value.
Property | Required | Default Value | Description
--- | --- | --- | ---
codelogic.url | true | | The url of the CodeLogic Server to publish scanned graphs.
codelogic.oauth.username | true | | The username or agentID of the credentials being used.
codelogic.oauth.password | true | | The password to authenticate with the remote server.
codelogic.batchSize | false | 500 | The batchSize for submitting discovered scan data to the server.
codelogic.methodInvokesScanningEnabled | false | true | Determines whether to collect and report method->method INVOKES relationships.
codelogic.methodInvokesScanningPackageIncludeList | false | | A comma separated list of packages to include in method->method invokes relationship reporting.
codelogic.applicationGroups | false | | A comma separated list of application names to associate with scanned artifacts.
- Add a repository in the repositories section.
The repository section must include:
<repositories>
  <repository>
    <id>codelogic</id>
    <name>codelogic</name>
    <url>https://localhost/codelogic/server/packages/maven/libs-release</url>
  </repository>
</repositories>
Note
The URL is the URL of the repository.
- Add a pluginRepository.
The pluginRepository section must include:
<pluginRepositories>
  <pluginRepository>
    <id>codelogic</id>
    <name>codelogic</name>
    <url>https://localhost/codelogic/server/packages/maven/libs-release</url>
  </pluginRepository>
</pluginRepositories>
Note
The URL is the URL of the plug-in repository.
- Save settings-override.xml.
- If you have not already done so, click OK to close the dialog box in CodeLogic from Create an Agent in CodeLogic.
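A pre-flight check for the file configured above, as an added example that is not part of the CodeLogic documentation: it parses settings-override.xml, confirms the three required properties are present, and flags a codelogic.url that is not HTTPS and an agent password stored as a literal value. A password written as a Maven ${...} expression (for example ${env.CODELOGIC_AGENT_PASSWORD}, a hypothetical variable name) is treated as not stored in the file. The embedded sample is constructed from the values shown on this page, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("codelogic.url", "codelogic.oauth.username", "codelogic.oauth.password")

# Constructed sample that mirrors the property values shown on this page.
SAMPLE = """<settings>
  <profiles>
    <profile>
      <id>artifactory</id>
      <properties>
        <codelogic.url>http://localhost/codelogic/server</codelogic.url>
        <codelogic.oauth.username>ffffffff-ffff-ffff-ffff-ffffffffffff</codelogic.oauth.username>
        <codelogic.oauth.password>secret-passcode</codelogic.oauth.password>
      </properties>
    </profile>
  </profiles>
</settings>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_settings(xml_text):
    """Return a sorted list of findings for the CodeLogic properties."""
    root = ET.fromstring(xml_text)
    props = {}
    for el in root.iter():
        if local(el.tag) == "properties":
            for child in el:
                props[local(child.tag)] = (child.text or "").strip()
    findings = [f"missing required property: {name}"
                for name in REQUIRED if not props.get(name)]
    url = props.get("codelogic.url", "")
    if url and not url.lower().startswith("https://"):
        findings.append("codelogic.url is not https: agent credentials travel unencrypted")
    password = props.get("codelogic.oauth.password", "")
    # A value made only of ${...} is resolved by Maven at run time, not stored.
    if password and not re.fullmatch(r"\$\{[^}]+\}", password):
        findings.append("codelogic.oauth.password is a literal value in the file")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```

Run it against the real file by passing its contents to audit_settings; an empty list means none of the three checks fired.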
Run the Plug-in
Note
The goals can be run from the command line on any Maven project as long as there is a published version of the jcape-maven-plugin available in Maven's configured repositories or locally.
You can run the commands listed below with -pl :sub-project to target a specific sub-project; scan results are then published only for the specified sub-project. If you do not include the parameter, scan results will be published for all artifacts generated across all sub-projects.
CODELOGIC-DISPLAY
mvn com.codelogic.agent.java:jcape-maven-plugin:21.21.1:codelogic-display
This goal will locally scan an artifact and display the resulting nodes and relationships in the terminal without publishing them to a remote server.
CODELOGIC-SCAN
mvn com.codelogic.agent.java:jcape-maven-plugin:21.21.1:codelogic-scan
This goal will locally scan an artifact and publish the resulting nodes and relationships to the configured CodeLogic Server.
Integration with Project pom.xml (Optional)
The CodeLogic Plug-in can be directly integrated with your build script in a pom.xml file.
<build>
  <plugins>
    <plugin>
      <groupId>com.codelogic.agent.java</groupId>
      <artifactId>jcape-maven-plugin</artifactId>
      <version>21.21.1</version>
      <executions>
        <execution>
          <id>codelogic-scan</id>
          <phase>install</phase>
          <goals>
            <goal>codelogic-scan</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <codelogic.batchSize>1000</codelogic.batchSize>
        <codelogic.methodInvokesScanningEnabled>true</codelogic.methodInvokesScanningEnabled>
        <codelogic.methodInvokesScanningPackageIncludeList>org.,net.</codelogic.methodInvokesScanningPackageIncludeList>
        <codelogic.applicationGroups>jCape</codelogic.applicationGroups>
      </configuration>
    </plugin>
  </plugins>
</build>
Run the Plug-in with Docker (Optional)
Example command:
docker run --rm \
  -i -t \
  --workdir /tmp/app/ \
  --volume ~/.m2/:/tmp/.m2/ \
  --user `id -u`:`id -g` \
  --volume /path/to/the/archives/you/want/to/scan/:/tmp/app/ \
  -e MAVEN_CONFIG=/tmp/.m2 \
  maven:3.6.3-jdk-11 \
  sh -c 'mvn -s settings-override.xml \
  com.codelogic.agent.java:jcape-maven-plugin:$CODELOGIC_VERSION:codelogic-scan \
  -Dmaven.repo.local=/tmp/.m2/repository/ -Duser.home=/tmp'
Note
Replace $CODELOGIC_VERSION with your CodeLogic Server version number (for example, 21.21.1). The line would be:
sh -c 'mvn -s settings-override.xml com.codelogic.agent.java:jcape-maven-plugin:21.21.1:codelogic-scan'
View Scan Results
- Log in to the CodeLogic Server.
- Select the Search tab.
- Expand the application to view items and their dependencies.