Multi-module Maven project build performance

[Alexander von Buchholtz]

Hi,

 

We’ve set up a multi-module Maven project with the dependency-check maven plug-in. The Plug-In is configured in the master POM. The overall processing time of the check goal is very slow compared to the Jenkins plug-in.

As far as I can see an expensive “ramp up” phase is executed for every module which takes up to 20 seconds after configuration is read and before the analysis starts. When disabling auto update of CVE database the time goes down to 3-4 seconds. Ideally we only want to update the Database once per build and not number of modules times.

Any advice how we can reduce the overall time? Where and when should the plug-in be executed in a multi-module set-up to minimize build time?

 

Thanks for this great tool btw!

 

Cheers,

Alexander

 

[Jeremy Long]

Alexander,

I apologize for the delayed response. I know exactly what is happening and I will open an issue to track the problem and resolve (some) of the initialization time. In the meantime the best you can do is configure the parent pom to perform the check with the update, and then in the child modules configure dependency-check to skip the auto-update. Not ideal, but it is the best I can think of without code changes.

Best Regards,

Jeremy