0

When I run CLM scan on a jar, I am getting errors on a couple of libraries that I cannot find in the dependency tree for this maven project. Does anyone know how to exclude these dependencies or how I can find the root dependency for such transitive dependencies?

These are the libraries, both of which are not showing up in dependency tree

  • fr.d2-si.ooso.0.0.1
  • net.jcip.jcip-annotations.1.0
sj_24
  • 41
  • 2
  • 8
  • If a dependency is not in the dependency tree you can't exclude it...this sounds contradictable...Have you checked the parents ? How have you checked it? – khmarbaise Aug 01 '17 at 08:08
  • @khmarbaise I pulled up maven dependency tree and searched for the library. If I run CLM scan through the maven clm plugin it doesn't detect this library either. This happens only with the jar. Im using maven shade plugin to prepare the jar. – sj_24 Aug 01 '17 at 14:01
  • @khmarbaise I guess a better question is, is it possible to have dependencies/libraries/jars in a shaded jar that are not defined in the maven dependency tree? – sj_24 Aug 01 '17 at 15:13
  • To answer your laster question: No. You have obviously overlooked something.... – khmarbaise Aug 01 '17 at 19:31

0 Answers0