3

I would like to export a dependency list for a maven project to a CSV or TSV file.

I know that I can generate a dependency list as part of the "mvn site:site" command, but it is in a very inconvenient format for my needs.

I need a simple CSV file with at least these fields: name, version, download URL, license name, license URL

Is there any existing tool that makes that easy?

Enwired
  • 1,563
  • 1
  • 12
  • 26
  • Maybe https://github.com/fordfrog/xml2csv could help. However, this does not help for transitive dependencies. – koppor Jun 29 '17 at 13:45
  • 1
    `xml2csv` simply allows converting portions of the `pom.xml` file to CSV. It does not gather the transitive dependencies, nor does it gather the download URL or license information. – Enwired Jul 03 '17 at 20:45

3 Answers3

5

I require name and version and this is the solution for me.

Unix offers multiple tools to deal with text. On Windows, open git bash and execute following command:

mvn -o dependency:list | grep ":.*:.*:compile" | sed "s/\[INFO\]    \([^:]*\):\([^:]*\):jar:\([^:]*\):compile/\1;\2;\3/" | sort -u

This outputs the compile dependencies as follows:

ch.qos.logback;logback-classic;1.1.1
ch.qos.logback;logback-core;1.1.1
com.fasterxml.jackson.core;jackson-annotations;2.8.6
koppor
  • 19,079
  • 15
  • 119
  • 161
  • 1
    That provides some of the information, but not the full set of data that my question was looking for. I also need the download URL, License, and License URL all on the same line. The `site:site` command generates that data, but it is spread-out into different sections of the report and cannot be filtered simply using `sed`. – Enwired Jul 03 '17 at 20:42
2

In addition to koppor's answer, which is a clean and simple solution to get the groupId:artifactId:version tuple for each dependency, you can use mvn dependency:purge-local-repository to force a redownload of maven dependencies.

The URLs of the resolved dependencies are written to the console output during that process. You could possibly redirect the output of that command (just like dependency:list) with -DoutputFile.

Note that depending on whether you analyze a single project or a full project-structure you may want to set -DappendOutput to true.

Retrieving the License and License-URL is significantly harder, because that is not mandatory information. The simplest way I can imagine for that to work is to actually download the dependencies' jar and pom. POMs may include license information, and if they don't the jar would need to be analyzed.

Vogel612
  • 5,620
  • 5
  • 48
  • 73
1

No. There is no existing tool to produce a CSV list of dependencies and licenses. Existing tools mvn dependency:list and mvn site:site will provide the data, but not in the CSV format.

Original answer: mvn dependency:list is the maven plugin and command you need. It takes lots of options, but I don't think any of them produce CSV. You'll have to transform the output to CSV yourself. It shouldn't been too hard. A quick google found this example of someone who gone part way towards what you need.

Enwired
  • 1,563
  • 1
  • 12
  • 26
Paul Hicks
  • 13,289
  • 5
  • 51
  • 78
  • That will list all the names and versions, but doesn't show download locations or licenses. `site:site`, which I think uses `project-info-reports:dependencies`, gives all the necessary information, but spread out in multiple sections of an html file. – Enwired Oct 26 '16 at 22:37
  • In that case, the answer is "No". I'm not aware of anything that does that. You'll have to brush up your XSLT skills. – Paul Hicks Oct 26 '16 at 23:17
  • Unfortunately, it appears that nobody else has an solution either! One could use XSLT to extract data from the html produced by `site:site`, but I'm not going to do that. For now I'll just create my CSV file by hand. Someday, maybe I'll write a custom maven plugin based off the code that produces the `site:site` report. That seems more direct than using XSLT, but I'm not ready to try it yet. – Enwired Oct 31 '16 at 18:51