How to set mysql-connector-java dependency from Maven commandline


Amedee Van Gasse

Apr 6, 2021, 7:17:48 AM
to Dependency Check
We've switched from a local H2 database to a centralized MySQL database. See previous messages on this mailing list. This required changes in the pom.xml.
Older, tagged releases obviously cannot, shall not, must not and will not have changes to their pom.xml. All configuration must therefore be overridden with mvn -D user properties that can be found on https://jeremylong.github.io/DependencyCheck/dependency-check-maven/check-mojo.html

What I cannot find, is how to set the dependency on the mysql-connector-java dependency.
This is the pom.xml snippet:

<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>${dependencyCheck.version}</version>
    <dependencies>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.22</version>
        </dependency>
    </dependencies>
    <configuration>
        <autoUpdate>false</autoUpdate>
        <connectionString />
        <databaseDriverName>com.mysql.cj.jdbc.Driver</databaseDriverName>
        <databasePassword />
        <databaseUser />
        <format>ALL</format>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>aggregate</goal>
            </goals>
        </execution>
    </executions>
</plugin>

How do I translate this part to a mvn commandline? I know how to do everything else.
(Intentionally left blank here: connectionString, databaseUser, databasePassword. These are overridden by Jenkins secrets.)

<dependencies>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>8.0.22</version>
    </dependency>
</dependencies>

To summarize: what do I add after mvn org.owasp:dependency-check-maven:6.0.3:aggregate -DautoUpdate=false -DdatabaseDriverName=com.mysql.cj.jdbc.Driver -Dformat=ALL -DdataDirectory='' to get a working MySQL connection?

Jeremy Long

Apr 6, 2021, 7:48:19 AM
to Amedee Van Gasse, Dependency Check
I honestly don't think that is possible - to modify the dependency tree like that from the command line. That would be more of a question for Maven than for dependency-check. The best way I've seen people solve this problem is using a common company-wide parent pom - then they can define a few things like this in a single place for all projects.

--Jeremy


Hans Aikema

Apr 6, 2021, 7:51:35 AM
to Amedee Van Gasse, Dependency Check

You need a different approach, using the property that is documented in the Advanced Configuration section:

databaseDriverPath: The path to the database driver JAR file; only used if the driver is not in the class path.

Of course you need to make sure that the mysql connector jar file is stored somewhere on the system, after which you can use that property to point to the driver jar file on disk.

A way to arrange for it to be present in a known location on a build system would be to use the maven-dependency-plugin get goal to retrieve it and store it to a chosen location just before the mvn call to run dependency-check.


kind regards,
Hans

Amedee Van Gasse

Apr 6, 2021, 7:55:18 AM
to Dependency Check
I have asked for a company wide parent pom, it's been on the backlog for 2 years I think.
Anyway it would not solve the problem, because the child pom would still have to refer to the parent pom, and the child pom is not allowed to change.

Amedee Van Gasse

Apr 6, 2021, 8:01:29 AM
to Dependency Check
This looks feasible:
* define the driver jar as a custom Jenkins tool
* use dependency:get in a shell script installer for the custom tool
* in the pipeline, use the custom tool path in the mvn command with -DdatabaseDriverPath (that way the jar is only downloaded once per node, not each time in every job)

Yes! I can see how that would work.
Thank you!
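
The approach the thread settles on (dependency:get to fetch the driver, then -DdatabaseDriverPath on the scan), as an added shell example that is not part of any post above. M2_REPO, DC_DB_URL, DC_DB_USER and DC_DB_PASSWORD are assumed variable names, and the jar is read from the local Maven repository rather than from a Jenkins custom tool directory.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: M2_REPO, DC_DB_URL,
# DC_DB_USER, DC_DB_PASSWORD (e.g. injected from Jenkins credentials).
set -e

DRIVER_GAV="mysql:mysql-connector-java:8.0.22"   # coordinates from the pom.xml snippet
M2_REPO="${M2_REPO:-${HOME:-/tmp}/.m2/repository}"

# Map groupId:artifactId:version to the jar's path in a Maven repository layout.
driver_jar_path() {
    gav=$1; repo=$2
    group=${gav%%:*}; rest=${gav#*:}
    artifact=${rest%%:*}; version=${rest#*:}
    printf '%s/%s/%s/%s/%s-%s.jar\n' "$repo" "$(printf '%s' "$group" | tr . /)" \
        "$artifact" "$version" "$artifact" "$version"
}

# Download the driver with dependency:get unless this node already has it,
# then print the jar path. Fails if the jar is still absent afterwards.
fetch_driver() {
    jar=$(driver_jar_path "$DRIVER_GAV" "$M2_REPO")
    if [ ! -f "$jar" ]; then
        mvn -q dependency:get -Dartifact="$DRIVER_GAV" -Dtransitive=false \
            -Dmaven.repo.local="$M2_REPO" >&2
    fi
    [ -f "$jar" ] || { echo "driver jar not found: $jar" >&2; return 1; }
    printf '%s\n' "$jar"
}

# Run the tagged release's scan without touching its pom.xml.
run_scan() {
    jar=$(fetch_driver)
    mvn org.owasp:dependency-check-maven:6.0.3:aggregate \
        -DautoUpdate=false \
        -DdatabaseDriverName=com.mysql.cj.jdbc.Driver \
        -DdatabaseDriverPath="$jar" \
        -Dformat=ALL \
        -DconnectionString="${DC_DB_URL:?set DC_DB_URL}" \
        -DdatabaseUser="${DC_DB_USER:?set DC_DB_USER}" \
        -DdatabasePassword="${DC_DB_PASSWORD:?set DC_DB_PASSWORD}"
}

# Only scan when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "scan" ]; then run_scan; fi
```

Invoke it as `sh script.sh scan` from the checked-out tag; the jar is downloaded only on the first run per node.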