MTA-5964 - Added --disable-maven-search flag in CLI guide #179
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pkylas007
force-pushed
the
mta-5964-cli-guide-maven-flag
branch
from
a79842c to
fe12b05
Compare
Pkylas007
force-pushed
the
mta-5964-cli-guide-maven-flag
branch
from
ad578c4 to
c13717a
Compare
Thank you! |
Thank you a quick review, Igor! |
|
@jmle @eemcmullan Could you review the |
jmle
approved these changes
Aug 18, 2025
jmle
approved these changes
Aug 18, 2025
eemcmullan
approved these changes
Aug 18, 2025
Pkylas007
force-pushed
the
mta-5964-cli-guide-maven-flag
branch
from
f6dc9de to
4e16c7a
Compare
Pkylas007
commented
Aug 20, 2025
jmle
reviewed
Aug 20, 2025
| |`--context-lines` (int)|A number of lines of source code to include in the output for each incident. The default is 100. | ||
| |`--disable-maven-search`| Set the flag to `true` to disable {ProductShortName} from relying on the Maven search index to determine if a dependency is publicly available (such as an open-source dependency) or internal to the Java binary application during analysis. | ||
|
|
||
| When you disable Maven search, {ProductShortName} at first tries to determine dependencies from the compiled JAR file. If this method does not succeed, {ProductShortName} goes through the directory structure to determine dependencies. This method may not produce a reliable dependency classification since the package structure can differ from what is expected by {ProductShortName}. You may see more dependencies in the `dependencies.yaml` file because some dependencies may be wrongly classified as internal. |
There was a problem hiding this comment.
Suggestion:
When you disable Maven search, {ProductShortName} at first tries to determine dependencies from the JAR files' POM file, if any. If this method does not succeed, {ProductShortName} goes through the directory structure of the JAR to try to determine its identity.
The rest looks good 👍
There was a problem hiding this comment.
Thanks @jmle! I have updated as you suggested.
eemcmullan
suggested changes
Aug 20, 2025
| |`--context-lines` (int)|A number of lines of source code to include in the output for each incident. The default is 100. | ||
| |`--disable-maven-search`| Set the flag to `true` to disable {ProductShortName} from relying on the Maven search index to determine if a dependency is publicly available (such as an open-source dependency) or internal to the Java binary application during analysis. | ||
|
|
||
| When you disable Maven search, {ProductShortName} at first tries to determine dependencies from the the JAR file's POM file (if any). If this method does not succeed, {ProductShortName} goes through the directory structure to determine dependencies. This method may not produce a reliable dependency classification since the package structure can differ from what is expected by {ProductShortName}. You may see more dependencies in the `dependencies.yaml` file because some dependencies may be wrongly classified as internal. |
There was a problem hiding this comment.
Instead of noting dependencies in dependencies.yaml, it would probably be better to mention this could cause more incidents vs using maven search.
Signed-off-by: Prabha Kylasamiyer Sundara Rajan <[email protected]>
Pkylas007
force-pushed
the
mta-5964-cli-guide-maven-flag
branch
from
f7ed6c3 to
2ef8157
Compare
eemcmullan
approved these changes
Aug 20, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JIRA
Version
Preview