Details
-
Type:
New Feature
-
Status:
Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2.1
-
Component/s: None
-
Labels:None
-
Number of attachments :
Description
The idea is to implement a dependency control engine in Sonar which allows to :
- Search which projects depend on a given Maven artifact (ex: commons-logging version x.x)
- Create maven dependencies rules on such searches
Here are what can be done to implement the first use case :
- Use the Maven Dependency plugin to retrieve all dependencies attached to a Maven project/module
- Each Maven dependency artifact must be declared in the Sonar projects table : qualifier='MAV' and scope='PRJ'
- Each version of an artifact must be added in the snapshots table : parent_snapshot_id and root_snapshot_id are null. We can even imagine to associate measure to a Maven artifact like : size, sources url, site url, ...
- A new table snapshot_links must be created with the following columns :
- id : primary kee
- from_snapshot_id
- to_snapshot_id
- qualifier : MVN for maven dependencies, PKG for packages dependencies, CLA for classes dependencies, ...
- root_snapshot_id : snapshot whose this link belongs to
- type : compile, runtime, provided, ... for Maven dependency, association, aggregation, ... for classes dependencies
- On the fly, when we want to visualize the Maven dependencies graph (and tomorrow the Packages/Classes dependencies graph), all nodes of the graph are loaded (root_snapshot_id) and the edges are (re)built.
Attachments
Issue Links
| This issue relates to: | ||||
| SONAR-501 | New "Components DSM" service |
|
|
|
| SONARPLUGINS-35 | Integrate Macker, the architectural rule checking utility for Java developers |
|
|
|
| SONAR-1257 | New page for project libraries |
|
|
|
In addition to this feature it would be nice to have info about newer versions (See http://mojo.codehaus.org/versions-maven-plugin/).