Skip to content

add IT for shipped/included dependencies vs not-shipped #596

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
hboutemy wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

add IT for shipped/included dependencies vs not-shipped #596

hboutemy wants to merge 1 commit into from

Conversation

@hboutemy
Copy link
Contributor

@hboutemy hboutemy commented Mar 19, 2025
edited
Loading

see #589
this PR is not yet about changing anything to generated CycloneDX documents, but listing all cases:

  • from the most basic =
    • classical libraries that have transitive dependences = not shipped
    • classical war files = ship dependencies in WEB-INF/lib in .war archive
  • to most advanced =
    • shade: very flexible, including partial ship
    • assembly: very flexible configuration file
    • executable archives: ship dependencies, but also adds a launcher (that may even bring a servlet container like Tomcat or Jetty, that is not even listed as a dependency)

see also #576 for a first pass

@hboutemy
init structure
677c92a 
Signed-off-by: Hervé Boutemy <[email protected]>
@hboutemy hboutemy added the build Build improvement/fix label Mar 19, 2025
@hboutemy hboutemy marked this pull request as draft March 19, 2025 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build Build improvement/fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hboutemy