Description
We use a tool called WhiteSource that analyzes our dependencies for security issues. It uses the the following call to maven deps plugin to get the dependencies:
mvn dependency:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
This works and takes ~15seconds with version 3.1.2, after upgrading to 3.2.0, this call does not terminate after 15 minutes and runs into a timeout.
When starting maven with "-X" I can see thousands of those debug messages flowing through, it looks like it is scanning the whole local maven repository:
[DEBUG] Writing tracking file C:\Users\myuser\.m2\repository\org\jboss\spec\jboss-specs-parent\1.0.0.Beta2\_remote.repositories [DEBUG] Using transporter WagonTransporter with priority -1.0 for https://my-repo [DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://my-repo with username=myuser, password=*** via localhost:8888 [DEBUG] Writing tracking file C:\Users\myuser\.m2\repository\org\jboss\spec\javax\interceptor\jboss-interceptors-api_1.1_spec\1.0.0.Beta1\_remote.repositories [DEBUG] Using transporter WagonTransporter with priority -1.0 for https://my-repo [DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://my-repo with username=myuser, password=*** via localhost:8888 [DEBUG] Writing tracking file C:\Users\myuser\.m2\repository\org\jboss\spec\jboss-specs-parent\1.0.0.Beta1\_remote.repositories [DEBUG] Using transporter WagonTransporter with priority -1.0 for https://my-repo [DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://my-repo with username=myuser, password=*** via localhost:8888 [DEBUG] Writing tracking file C:\Users\myuser\.m2\repository\org\testng\testng\5.10\_remote.repositories [DEBUG] Verifying availability of C:\Users\myuser\.m2\repository\org\apache\derby\derby\10.12.1.1\derby-10.12.1.1.pom from [devcloud-bci-mvn (https://my-repo, default, releases+snapshots), artifactory-central-mirror (https://my-repo, default, releases), central (https://repo.maven.apache.org/maven2, default, releases)] [DEBUG] Using transporter WagonTransporter with priority -1.0 for https://my-repo [DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://my-repo with username=myuser, password=*** via localhost:8888 [DEBUG] Writing tracking file C:\Users\myuser\.m2\repository\org\apache\derby\derby\10.12.1.1\_remote.repositories
Attachments
Issue Links
- relates to
-
MDEP-644 Reintroduce the verbose option for dependency:tree
-
- Closed
-
- links to