我需要对我的应用程序进行安全扫描。我已经编写了这段代码来下载所有依赖的JAR]
barvaz := {
buildStandalone.value
// Define the paths to the ".ivy2" in the current-working-directory (localIvy) and in the
user's home
val localIvy = (baseDirectory in publishLocal).value / ".ivy2"
val projectBoot = (baseDirectory in publishLocal).value / "project/boot"
// Package everything in target/standalone.zip so it could easily be copied around
val ivy2Files = (localIvy ** "*.jar").get.map(_.getPath.replaceAll(".*\\.ivy2", ".ivy2"))
val projectFiles = (projectBoot ** "*.jar").get.map(_.getPath.replaceAll(".*boot", "project/boot"))
val jarNames = (ivy2Files ++ projectFiles).map(_.replaceAll("\\\\", "/")) //Seq("sbt-launch.jar") ++
Packaging.downloadLibSourcesAndBins((resourceDirectory in Compile).value / "barvaz", jarNames)
val downloadedJars = ((target.value / "barvaz") ** "*.jar").get.map(f => f -> f.getPath.replaceFirst(".*barvaz", ""))
IO.zip(downloadedJars, new File(s"target/barvaz-${version.value}.zip"))
"Done"
}
但是我现在有来自不同版本的JAR的副本,例如版本4.0.0和4.0.1的jettey,当然还有一些测试JAR如何检查实际加载了哪些JAR?