Why can't the Nexus IQ Server find artifacts in an uber (shaded) jar file?

We do extensive checking of the internal java structure of jar files (including method signatures, fields, classes/inner classes, etc.) in order to identify artifacts.  So if you take an open source jar, make some changes to the source, and recompile it you can usually detect what the original was.

But this can't work for an uber jar because there are too many things in it to be able to reliably track back to individual components.

For an uber jar you have two options:

1. Scan it with the clm-maven-plugin while it is being built
2. Use the maven dependency plugin to unpack dependencies into a directory, and then use the command line scanner on those.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk