0

I would like to list all available versions of a given dependency.

The reason: When a vulnerability is found, the dependency gets blocked by a mechanism we built upon JFrog Xray. I want to generate a list of dependencies which are still unblocked.

I know that I can ask the REST API of Artifactory, but this will only list versions which are already downloaded (cached), not every version that is available (e.g. on MavenCentral).

From what I understand the Versions Maven Plugin has such a mechanism included and uses it for their goals (like versions:use-latest-releases). So it should be possible and I would like to know how.

J Fabian Meier

2 Answers

1

Dependencies can exist in 3 places.

  1. locally on your PC
  2. on your local Nexus server
  3. Maven central repos

number 1 - look in your .m2/repository folder

number 2 - use the web search for your local repository

number 3 - I'm not aware of an API for Artifactory, so I suggest instead you look on an indexing site like mvnrepository.com

halfer
vikingsteve
  • Thank you, but I would prefer some Maven goal or some Java code calling Maven classes. The above approach seems to be difficult to maintain because you need to call several REST or HTML pages and parse them. – J Fabian Meier Mar 09 '23 at 14:14
1

In a Maven plugin you can use the Resolver API:

RepositorySystem.resolveVersionRange(...)

Example: FindAvailableVersions

Example of Maven plugin: ResolveArtifactMojo

Slawomir Jaranowski
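The `RepositorySystem.resolveVersionRange(...)` call from the answer above, written out as a Maven plugin goal that prints every version the configured repositories advertise minus a block list (an added example, not code from the answer or from the Maven Resolver project). The goal name `list-unblocked`, the class name, and the `artifact` and `blocked` parameters are assumptions; `blocked` stands in for whatever the Xray-based mechanism from the question exports.

```java
import java.util.*;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugins.annotations.*;
import org.eclipse.aether.RepositorySystem;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.artifact.DefaultArtifact;
import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.resolution.*;
import org.eclipse.aether.version.Version;

@Mojo(name = "list-unblocked") // hypothetical goal name
public class ListUnblockedVersionsMojo extends AbstractMojo {
    @Component
    private RepositorySystem repoSystem;
    @Parameter(defaultValue = "${repositorySystemSession}", readonly = true)
    private RepositorySystemSession repoSession;
    @Parameter(defaultValue = "${project.remoteProjectRepositories}", readonly = true)
    private List<RemoteRepository> remoteRepos;
    @Parameter(property = "artifact", required = true)
    private String artifact; // assumed format: groupId:artifactId
    @Parameter(property = "blocked")
    private String blocked;  // assumed format: comma-separated blocked versions

    public void execute() throws MojoExecutionException {
        Set<String> blockedSet = new HashSet<>();
        for (String b : (blocked == null ? "" : blocked).split(",")) {
            blockedSet.add(b.trim());
        }
        // "[0,)" is an open-ended range, so the resolver reads maven-metadata.xml
        // from every configured repository (or its mirror) instead of the local cache.
        VersionRangeRequest request = new VersionRangeRequest(
                new DefaultArtifact(artifact + ":[0,)"), remoteRepos, null);
        VersionRangeResult result;
        try {
            result = repoSystem.resolveVersionRange(repoSession, request);
        } catch (VersionRangeResolutionException e) {
            throw new MojoExecutionException("Cannot resolve versions of " + artifact, e);
        }
        // A repository that failed to answer makes the list incomplete: surface it.
        for (Exception e : result.getExceptions()) {
            getLog().warn("Version list may be incomplete: " + e.getMessage());
        }
        for (Version v : result.getVersions()) {
            if (!blockedSet.contains(v.toString())) {
                getLog().info(v + " (from " + result.getRepository(v) + ")");
            }
        }
    }
}
```

The versions returned are those listed in the `maven-metadata.xml` served by the repositories or mirrors in the active settings, so the output reflects what that endpoint exposes rather than what has already been downloaded.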