Maven build support for NIST Security Automation Java projects

This project provides support for building Sercurity Automation Java projects using Apache Maven.

This project contains the following sub-modules:

  • oss-parent: Provides a parent POM for use as the build parent for other projects.
  • build-support: Provides a set of common build support files that are made available on the classpath for all builds.

Please refer to each sub-module for usage instructions.

Usage

To use this project as a Maven build parent for your project, add the following to your project's POM:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>gov.nist.secauto</groupId>
    <artifactId>oss-parent</artifactId>
    <version>27</version>
  </parent>

  <!-- additional dependencies and build configuration -->
</project>

Build Features

A number of build features are configured by the oss-parent project when used as the parent of another project. Some features are automatic, while others require use of specific commands.

  • Use of the Maven Release Plugin supporting automated releases of project revisions. Use of this feature requires configuration of the <scm>/<developerConnection> element in the project POM. A release can be performed using the command:

    mvn -Prelease release:clean release:prepare release:perform

    The profile “release” triggers building javadoc documentation, which is omitted during the regular build process to save build time.

  • Configuration of the site plugin with Markdown support to produce Bootstrap documentation pages like this one. The site can be built using the Maven command:

    mvn -Prelease -Preporting site site:deploy

  • Jacoco is used to perform code coverage analysis based on JUnit tests. A site report will be produced containing coverage information.

  • Use of the Maven PMD Plugin to perform code analysis. Issues found at [priority 1 and 2] (https://docs.pmd-code.org/latest/pmd_userdocs_configuring_rules.html) will fail the build.

  • The Tag List Maven plugin is used to generate a report of all comments marked “TODO” or “FIXME”.

  • The Maven Checkstyle Plugin is used to check code for code style issues. The style checked is configured to use the checkstyle rules provided by the oss-build-support project.

  • Building of Javadoc documentation will occur if the profile reporting is chosen using:

    mvn -Prelease -Preporting install

  • The license Maven Plugin is used to check that the appropriate NIST software license is used. All source files are checked to ensure that the required license content, provided by the oss-build-support project, is included in all java source files. The build is failed if a license is missing.

    To apply licenses to all source files use:

    mvn license:format

  • The Formatter Maven Plugin is used to check that all Java sources are formatted according the projects formatting policies, provided by the oss-build-support project. The build is failed if source is not properly formatted.

    To reformat all source files use:

    mvn formatter:format

  • The Maven enforcer Plugin is used to check that Java 1.8 or later is used, that the Maven version is 3.0 or higher, and that plugins are properly versioned.

Copyright ©2023 . All Rights Reserved.