
Maybe this is a generic question with regards to how to transfer Maven plugin parameters from the pom.xml to the command line, but I have usually done this without problems using the method below. For the find-security-bugs plugin, however, it is not working.

The find-security-bugs plugin docu says that you can configure the plugin in your pom.xml as follows:

<plugins>
    [...]
    <plugin>
        <groupId>com.github.spotbugs</groupId>
        <artifactId>spotbugs-maven-plugin</artifactId>
        <version>4.7.2.1</version>
        <configuration>
            <includeFilterFile>spotbugs-security-include.xml</includeFilterFile>
            <plugins>
                <plugin>
                    <groupId>com.h3xstream.findsecbugs</groupId>
                    <artifactId>findsecbugs-plugin</artifactId>
                    <version>1.12.0</version>
                </plugin>
            </plugins>
        </configuration>
    </plugin>
</plugins>

I would like to do the same, but cannot do any changes to the pom.xml I'm testing, so would have to specify everything in the command line.

I'm running (from PowerShell, therefore the quotation marks):

mvn com.github.spotbugs:spotbugs-maven-plugin:4.7.2.1:check -"Dplugins.plugin.groupId=com.h3xstream.findsecbugs"   -"Dplugins.plugin.artifactId=findsecbugs-plugin"  -"Dplugins.plugin.version=1.12.0" -"DincludeFilterFile=secbugsfilter.xml"

but the parameters are not used. Is there any way to run a plugin with a configuration like this from the command line without specifying anything in the pom?

  • Why: `but cannot do any changes to the pom.xml I'm testing` ? Create a branch and test on that branch...Done. On command line that will not work... – khmarbaise Jan 06 '23 at 09:31
  • Because this is for a generic CI/CD pipeline template. I.e. I don't want every project to have to implement this, I want to specify this once in the pipeline template so that every project whose pipeline uses the template will run the step, export the report into the same folder, etc. Unfortunately, using a parent pom is also out of the question for different reasons, so the only thing that remains in my opinion is the command-line-only option. – 02kfdlde01q23_ Jan 09 '23 at 06:56
  • Then you should configure that in your corporate parent pom to handle overall... If the CLI is the only option then I would say it will get extremely hard if not impossible... via CLI only... – khmarbaise Jan 09 '23 at 10:37

0 Answers