Generates a jar file containing metadata about the current project and its dependencies in a form that container vulnerability scanning tools such as grype recognise.
This is useful if, for example, if you are creating uberjars, graalvm native images or some other lossy repackaging tooling.
Put [org.kipz/lein-meta-bom "<version>"]
into the :plugins
vector of your :user
profile or in the :plugins
of your poject.clj:
Then run
lein metabom
Which will generate a jar file named <project-name>-metabom.jar
containing only metadata about the project and its dependencies e.g.
$ lein metabom
Creating metabom: /home/build/target/test-project-metabom-0.1.0-SNAPSHOT.jar
Found 13 dependencies
Adding metabom entry: META-INF/MANIFEST.MF
Adding metabom entry: META-INF/maven/org.kipz/test-project-metabom/pom.xml
Adding metabom entry: META-INF/maven/org.kipz/test-project-metabom/pom.properties
Adding metabom entry: META-INF/maven/cc.qbits/knit/pom.xml
Adding metabom entry: META-INF/maven/cc.qbits/knit/pom.properties
Adding metabom entry: META-INF/maven/cc.qbits/commons/pom.xml
Adding metabom entry: META-INF/maven/cc.qbits/commons/pom.properties
Adding metabom entry: META-INF/maven/org.clojure/clojure/pom.xml
...
The generated jar name can be configured by configuring the metabom
profile in the usual ways:
{:metabom {
:jar-name "metabom.jar"}}
Can you improve this documentation?Edit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close