<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>For projects that build with Maven, unnecessary dependencies add a variety
of maintenance burdens. Most immediately, unnecessary dependencies increase
build time, because Maven rebuilds an artifact whenever its declared
dependencies are modified. This rule identifies Maven dependencies that
are declared in a POM file but are not used by the underlying source code.</p>
<p>If the dependency's source code is part of the code base being analyzed,
then the result is reported by one version of the rule. Otherwise, the
dependency is reported by a separate version of the rule. This allows
the two types of unused Maven dependencies to be reported separately.</p>
</overview>
<recommendation>
<p>Try removing the dependency from the POM file. Then run all build and test
targets that are relevant for the modified POM file. If all of the relevant
build and test targets still succeed, then leave the dependency out permanently.
Doing so will make future maintenance of the relevant source code easier.</p>
<p>In some cases, there may be a true dependency on the code that is not
detected by the analysis. If any of the build and test targets fail
after the dependency is removed, then the result is a false positive,
and the dependency should be restored.</p>
</recommendation>
<references>
<li>Apache Maven Project:
<a href="http://maven.apache.org/pom.html#Dependencies">Maven POM Reference: Dependencies</a>.
</li>
</references>
</qhelp>