When a build is performed in Maven, the project's dependencies and
plugins are fetched from public repositories or from those defined in
the local Maven installation's configuration. In our
case, we use a public repository where the plugins necessary for
performing an analysis are located.
The first step is to configure the Maven repository as one of the
sources of dependencies and plugins for the project:
<repositories>
  <repository>
    <snapshots>
      <enabled>true</enabled>
    </snapshots>
    <id>ossrh</id>
    <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
  </repository>
</repositories>
<pluginRepositories>
  <pluginRepository>
    <snapshots>
      <enabled>true</enabled>
    </snapshots>
    <id>ossrh</id>
    <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
  </pluginRepository>
</pluginRepositories>
Two plugins are necessary for the analysis: one is the plugin that
intercepts the compilation process (javac plugin), and the other is
the plugin that intercepts the Maven build (Maven plugin).
The javac plugin collects information from the source code directly
from the compiler, while the Maven plugin is responsible for sending
this information to the DocSpot API.
To configure the Maven plugin:
<plugin>
  <groupId>com.docexploit</groupId>
  <artifactId>docspot-maven-plugin</artifactId>
  <version>1.1.7-SNAPSHOT</version>
  <configuration>
    <skip>false</skip>
    <baseApi>https://api.docspot.docexploit.com</baseApi>
    <apiKey>API-KEY</apiKey>
    <projectId>PROJECT-ID</projectId>
    <analyzer>java</analyzer>
    <language>java</language>
    <ignoredPaths>
      <ignore>target/**</ignore>
      <ignore>.mvn/**</ignore>
      <ignore>.github/**</ignore>
    </ignoredPaths>
  </configuration>
  <executions>
    <execution>
      <id>analyzer</id>
      <goals>
        <goal>docspot-analysis</goal>
      </goals>
    </execution>
  </executions>
</plugin>
We also need to add the compiler plugin, where the DocSpot logic runs together with the compiler. In Maven, this is configured through the Maven Compiler Plugin.
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-compiler-plugin</artifactId>
  <configuration>
    <annotationProcessorPaths>
      <path>
        <groupId>com.docexploit</groupId>
        <artifactId>docspot-java-importer</artifactId>
        <version>1.2.5-SNAPSHOT</version>
      </path>
    </annotationProcessorPaths>
    <fork>true</fork>
    <compilerArgs>
      <arg>-J--add-exports="jdk.compiler/com.sun.source.util=ALL-UNNAMED"</arg>
      <arg>-J--add-exports="jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED"</arg>
      <arg>-J--add-exports="jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED"</arg>
      <arg>-J--add-exports="jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED"</arg>
      <arg>-J--add-exports="jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED"</arg>
      <arg>-J-Xmx4g</arg>
    </compilerArgs>
    <compilerArgument>-Xplugin:DocspotPlugin</compilerArgument>
    <testCompilerArgument>-Xplugin:DocspotPlugin test</testCompilerArgument>
  </configuration>
</plugin>
After this, an analysis will be run every time the project is compiled. To skip an analysis, set the skip parameter to true.
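To keep the API key out of version control and to switch the skip parameter per build without editing the POM, the Maven plugin configuration can take both values from Maven properties. This is an added example, not DocSpot's own configuration; the property name docspot.skip and the environment variable DOCSPOT_API_KEY are assumed names, and it relies only on standard Maven property interpolation.

```xml
<!-- Added example (fragment of pom.xml, inside <project>).
     Assumed names: docspot.skip (POM property), DOCSPOT_API_KEY (environment variable). -->
<properties>
  <!-- Default: run the analysis on every compile.
       Override for a single build with: mvn -Ddocspot.skip=true compile -->
  <docspot.skip>false</docspot.skip>
</properties>

<build>
  <plugins>
    <plugin>
      <groupId>com.docexploit</groupId>
      <artifactId>docspot-maven-plugin</artifactId>
      <version>1.1.7-SNAPSHOT</version>
      <configuration>
        <!-- Resolved from the POM property above, or from -Ddocspot.skip on the command line -->
        <skip>${docspot.skip}</skip>
        <baseApi>https://api.docspot.docexploit.com</baseApi>
        <!-- Read from the build environment (for example a CI secret),
             so no key is committed with the POM -->
        <apiKey>${env.DOCSPOT_API_KEY}</apiKey>
        <projectId>PROJECT-ID</projectId>
        <analyzer>java</analyzer>
        <language>java</language>
        <ignoredPaths>
          <ignore>target/**</ignore>
          <ignore>.mvn/**</ignore>
          <ignore>.github/**</ignore>
        </ignoredPaths>
      </configuration>
      <executions>
        <execution>
          <id>analyzer</id>
          <goals>
            <goal>docspot-analysis</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```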
Visualize the results: [Link to visualization explanation]