Method and system for analyzing third-party dependency by packet manager based on maven architecture
A technology of package manager and dependency relationship, applied in the field of third-party dependency component analysis of software projects, to ensure correctness and resolve dependency analysis commands
Pending Publication Date: 2022-07-29
SECZONE TECH CO LTD
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0004] The purpose of the present invention is to provide a method and system for parsing third-party dependencies by a package manager based on maven architecture, which can effectively ensure the correct resolution of third-party dependencies and solve the abnormal problems that occur in the existing command parsing process
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0034] In order to describe the technical content, structural features, achieved objects and effects of the present invention in detail, the following detailed description is given in conjunction with the embodiments and the accompanying drawings.
[0035] This embodiment discloses a method for parsing third-party dependencies by a package manager based on maven architecture, so as to parse third-party dependencies (open source components) in a project based on maven architecture for software development.
[0036] In the prior art, in order to ensure the correctness of the third-party dependency parsing, the pom file in the project is generally parsed through the dependency parsing command (mvn dependency:tree) of the package manager, and the pom file is used to record the current project. The information of third-party dependencies is generally in the dependencies label. Each dependency (hereinafter referred to as dy) is a list of dependencies, but it is only a direct dependen...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a method and a system for analyzing third-party dependency by a packet manager based on a maven architecture, and the method comprises the following steps: analyzing the dependency relationship of each third-party component in a project by adopting a dependency analysis command, and when an abnormal condition occurs and the current analysis command cannot be continuously executed, if the current analysis command is a direct dependency exception, executing the third-party component in the project by adopting the dependency analysis command. If the indirect dependency is abnormal, the direct dependency list can be eliminated, so that the analysis work can be continuously executed, and if the indirect dependency is abnormal, each dependency list is separated and analyzed independently, then the dependency list which fails to be analyzed is eliminated, and the dependency list which succeeds to be analyzed is merged for comprehensive analysis. The comprehensive analysis result and the rejected direct dependence information are the analysis result to be analyzed; by means of the method, the correctness of the analysis result can be effectively ensured, when the analysis process is abnormal, response measures can be taken in time for the abnormity, the analysis process can continue to be executed, and therefore the defect that the package manager depends on the analysis command is effectively overcome.
Description
technical field [0001] The invention relates to the technical field of third-party dependency component parsing of software projects, in particular to a method and system for parsing third-party dependencies by a package manager based on maven architecture. Background technique [0002] Software project development is a systematic project. Each software project will use several source code components. In order to effectively improve the efficiency of software development, most of today's software development will use ready-made open source components. Software development efficiency, but open source components will also bring more risks and vulnerabilities to software projects. Therefore, it is necessary to detect open source components in software projects, that is, third-party dependencies. [0003] In the current market, software composition analysis (SCA, Software Composition Analysis) tools are generally used to analyze third-party components in a project, and display i...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F8/41G06F8/75G06F21/57
CPCG06F8/433G06F8/75G06F21/577G06F2221/033
Inventor 汪杰万振华王颉李华董燕
Owner SECZONE TECH CO LTD