diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index da8785178..d7492795d 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -162,7 +162,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* Fail the build if any dependency has a vulnerability listed.
*/
@SuppressWarnings("CanBeFinal")
- @Parameter(property="failBuildOnAnyVulnerability", defaultValue="false", required=true)
+ @Parameter(property = "failBuildOnAnyVulnerability", defaultValue = "false", required = true)
private boolean failBuildOnAnyVulnerability = false;
/**
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
@@ -313,7 +313,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Sets the path for the bundle-audit binary.
*/
- @Parameter(property = "bundleAuditPath", defaultValue="", required = false)
+ @Parameter(property = "bundleAuditPath", defaultValue = "", required = false)
private String bundleAuditPath;
/**
@@ -327,7 +327,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
*/
@Parameter(property = "swiftPackageManagerAnalyzerEnabled", required = false)
private Boolean swiftPackageManagerAnalyzerEnabled;
-
+
/**
* The URL of a Nexus server's REST API end point
* (http://domain/nexus/service/local).
@@ -630,34 +630,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* and scanning the dependencies
*/
protected ExceptionCollection scanArtifacts(MavenProject project, Engine engine) {
- //
- /*
- for (Artifact a : project.getArtifacts()) {
- if (excludeFromScan(a)) {
- continue;
- }
- final List deps = engine.scan(a.getFile().getAbsoluteFile());
- if (deps != null) {
- if (deps.size() == 1) {
- final Dependency d = deps.get(0);
- if (d != null) {
- final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
- d.addAsEvidence("pom", ma, Confidence.HIGHEST);
- d.addProjectReference(project.getName());
- if (getLog().isDebugEnabled()) {
- getLog().debug(String.format("Adding project reference %s on dependency %s", project.getName(),
- d.getDisplayFileName()));
- }
- }
- } else if (getLog().isDebugEnabled()) {
- final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
- a.getGroupId(), a.getArtifactId(), a.getVersion());
- getLog().debug(msg);
- }
- }
- }
- */
- //
try {
final DependencyNode dn = dependencyGraphBuilder.buildDependencyGraph(project, null, reactorProjects);
return collectDependencies(engine, project, dn.getChildren());
@@ -686,10 +658,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (excludeFromScan(dependencyNode.getArtifact().getScope())) {
continue;
}
- final ArtifactRequest request = new ArtifactRequest();
- request.setArtifact(new DefaultArtifact(dependencyNode.getArtifact().getId()));
- request.setRepositories(remoteRepos);
try {
+ final ArtifactRequest request = new ArtifactRequest();
+ request.setArtifact(new DefaultArtifact(dependencyNode.getArtifact().getId()));
+ request.setRepositories(remoteRepos);
final ArtifactResult result = repoSystem.resolveArtifact(repoSession, request);
if (result.isResolved() && result.getArtifact() != null && result.getArtifact().getFile() != null) {
final List deps = engine.scan(result.getArtifact().getFile().getAbsoluteFile(),
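Review bot: Moving the `ArtifactRequest` construction inside the `try` only changes behaviour if the catch clauses, which lie outside this hunk, handle what the moved lines can throw. `new DefaultArtifact(String)` rejects malformed coordinates with `IllegalArgumentException`, so a handler limited to `ArtifactResolutionException` would leave the move without effect. If the intent is to keep one bad node from aborting the scan, state it with a comment such as `// built inside the try so a bad artifact id is recorded for this node rather than aborting the scan`, and confirm the handler adds the failure to the returned `ExceptionCollection`. For a vulnerability scanner, a dependency that is skipped with only a debug log lets the build pass without that artifact having been analysed. The enclosing loop and the rest of the `try` body continue beyond the hunk.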