Maven Zero to Hero with AWS CodeCommit, CodeArtifact, ECR, OWASP Dependency Track
Ravi Soni
linkedin.com/in/rvsoni/
Agenda
❖ History of Build System
❖ Overview of Maven
❖ Internal workings of Maven (GAV, Phases, Goals, Plugins, Packaging, Profiles)
❖ Maven Repository (m2 repo)
❖ Setup and running Maven Hello World
❖ Overview AWS CodeCommit, CodeArtifact, ECR
❖ Setup of AWS CodeCommit, CodeArtifact, ECR and use with Maven
❖ Maven Release process with AWS CodeCommit, CodeArtifact, ECR
❖ Cool things I have built using Maven
❖ Overview/Talk on some important Maven plugins
❖ Best practices of using Maven
❖ Q/A
History of Build System
● Initial concepts derived from a Make build system used on Solaris/Unix
● Birth of Ant build tool
● Birth of Maven build tool
Maven Overview
● Started as a side project of Apache Turbine
● How software is built and dependencies are managed
● Plugin based system
● Introduced GAV coordinates for dependency management
● Folder structure
● Introduction of build lifecycle
Maven Folder structure
Walking with Maven POM.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.rvsoni.app</groupId>
  <artifactId>app-demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>jar</packaging>
  <name>app-demo</name>
  <description>Demo project for Maven</description>
  <properties>
    <java.version>11</java.version>
  </properties>
  <!--
  <dependencies>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
    </dependency>
  </dependencies>
  -->
</project>
Walking with Maven (Multi Module) POM.xml
<!-- Child module POM (service): inherits groupId and version from the parent -->
<project>
  <modelVersion>4.0.0</modelVersion>
  <artifactId>service</artifactId>
  <packaging>jar</packaging>
  <description>Demo project for Maven</description>
  <parent>
    <groupId>com.rvsoni.app</groupId>
    <artifactId>multi-module-app-demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
  </parent>
  <dependencies>
    <dependency>
      <groupId>com.rvsoni.app</groupId>
      <artifactId>jpa</artifactId>
      <version>${project.version}</version>
    </dependency>
  </dependencies>
</project>

<!-- Parent POM (packaging "pom"): lists the modules and imports the Spring Boot BOM -->
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.rvsoni.app</groupId>
  <artifactId>multi-module-app-demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>pom</packaging>
  <name>Maven multi-module App Demo</name>
  <properties>
    <java.version>11</java.version>
    <maven.compiler.source>${java.version}</maven.compiler.source>
    <maven.compiler.target>${java.version}</maven.compiler.target>
    <spring-boot.version>2.6.7</spring-boot.version>
  </properties>
  <dependencyManagement>
    <dependencies>
      <!-- Spring Boot BOM -->
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>${spring-boot.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <modules>
    <module>jpa</module>
    <module>service</module>
    <module>web</module>
  </modules>
</project>
Maven Lifecycle
● Packaging
● Phases
● Plugins
● Goals
● Dependency
● Profiles
● Distribution Management
Maven Packaging
● Supports various packaging types
○ EJB, EJB3, JAR, EAR, PAR, RAR, WAR, POM, Maven-plugin
○ Custom packaging types, e.g. hpi (Jenkins plugin)
● Default packaging type is JAR
● Packaging type enables various phases of the build lifecycle
Maven Phase
● Maven lifecycles are based on phases
● Phases are associated with plugin goals
● Packaging type defines the lifecycle phases
● Phases are named with hyphenated words (pre-*, post-*, or process-*)
Maven Plugins and Goals
● Plugins are the heart of the Maven build system
● Each plugin provides one or more goals
● Goals need to be mapped to a phase to be executed
● Some plugin goals are pre-mapped to a phase
Maven Dependency and BOM
● Dependency management is a core feature of Maven
● Direct/Transitive Dependency
● Dependency scope (compile, provided, runtime, test, system, import)
● Bill of Materials (BOM)
○ A collection of dependencies
○ Best way to manage dependencies across different projects
Maven Profiles
● A set of Maven configuration
● Can be activated on demand or automatically
● Helps to modularize the Maven build process
● Defined at
○ Per project (pom.xml)
○ Per user (%USER_HOME%/.m2/settings.xml)
○ Global (${maven.home}/conf/settings.xml)
Maven Repository
● Central place to store and retrieve dependency/plugin artifacts
● Artifacts are categorized as Snapshot or Release
● Local repository (~/.m2)
● Remote repository (https://repo.maven.apache.org)
● 3rd Party Repository proxy software
○ Sonatype Nexus
○ JFrog Artifactory
○ AWS CodeArtifact
Maven Hello World!
AWS CodeCommit
● A Hosted Git repository service provided by AWS
● Access control setup using AWS IAM
● Easy to integrate with other AWS Services
AWS CodeArtifact
● A Hosted repository service provided by AWS
● Supports Maven, npm, PyPI, ...
● Access control setup using AWS IAM
● Easy to integrate with other AWS Services
● Securely access packages within a VPC (VPC PrivateLink endpoint)
AWS ECR
● A Hosted Container repository service provided by AWS
● Access control setup using AWS IAM
● Easy to integrate with other AWS Services
● Pull through cache repositories
AWS CodeCommit, CodeArtifact, ECR Hello World!
Maven Release process
● Overview of Release process
● Maven Release process tasks
○ Project verification for release readiness
○ Code tagging
○ Version management
○ Project building
○ Release artifact deployment to repository
○ Prepare for the next development version
Maven Release process with AWS CodeCommit, CodeArtifact, ECR Hello World!
Cool things I have built using Maven
● Count total lines of code
○ github.com/AlDanial/cloc
● Software bill of materials generation
○ CycloneDX (SBOM format)
● Dependency Track Integration
○ Continuous vulnerability scanning and alerting
○ Software Supply chain attack
○ Open source license management with SPDX
● License Finder Integration
○ github.com/pivotal/LicenseFinder
List of cool Maven plugins
● maven-antrun-plugin
● maven-assembly-plugin
● maven-enforcer-plugin
● jib-maven-plugin
● sql-maven-plugin
● exec-maven-plugin
● groovy-maven-plugin
● cyclonedx-maven-plugin
● spring-boot-maven-plugin
Maven Best practices
● Separate dependency and build lifecycle
● Increase usage of Maven Dependency BOM
● Use a parent POM
● Add dependency management to the parent POM for multi-module projects
● Always define versions for plugins
● Make use of profiles
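
An added example, not part of the original slides: a small Python audit that checks one pom.xml against the "always define version on plugins" practice and against the release-readiness concerns above (unversioned, floating, or SNAPSHOT dependencies). The rule names and the `com.example.lib` coordinates are constructed for illustration; the audit reads a single file and does not resolve parent POMs or imported BOMs, so it stays silent where a version may be inherited.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the app-demo POM with risky entries added for the audit.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.rvsoni.app</groupId>
  <artifactId>app-demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <properties><util.version>1.2.0-SNAPSHOT</util.version></properties>
  <dependencies>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
    </dependency>
    <dependency>
      <groupId>com.example.lib</groupId>
      <artifactId>util</artifactId>
      <version>${util.version}</version>
    </dependency>
    <dependency>
      <groupId>com.example.lib</groupId>
      <artifactId>codec</artifactId>
      <version>[1.0,)</version>
    </dependency>
    <dependency>
      <groupId>com.example.lib</groupId>
      <artifactId>unmanaged</artifactId>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.4.1</version>
      </plugin>
      <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>"""

PROP = re.compile(r"\$\{([^}]+)\}")
DEFAULT_PLUGIN_GROUP = "org.apache.maven.plugins"  # Maven's default plugin groupId


def _parse(pom_xml):
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the POM namespace so paths work with or without it
        if isinstance(el.tag, str) and "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def _txt(el, path):
    return (el.findtext(path) or "").strip()


def audit_pom(pom_xml):
    """Return sorted (rule, 'groupId:artifactId') findings for a single POM file."""
    root = _parse(pom_xml)
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    props["project.version"] = _txt(root, "version") or _txt(root, "parent/version")
    resolve = lambda v: PROP.sub(lambda m: props.get(m.group(1), m.group(0)), v)

    managed = root.findall("dependencyManagement/dependencies/dependency")
    managed_deps = {(_txt(d, "groupId"), _txt(d, "artifactId")) for d in managed}
    # Versions may come from a parent POM or an imported BOM; not resolvable offline.
    inherited = root.find("parent") is not None or any(
        _txt(d, "scope") == "import" for d in managed)
    managed_plugins = {
        (_txt(p, "groupId") or DEFAULT_PLUGIN_GROUP, _txt(p, "artifactId"))
        for p in root.findall("build/pluginManagement/plugins/plugin")
        if _txt(p, "version")}

    findings = []
    for d in root.findall("dependencies/dependency"):
        g, a, raw = _txt(d, "groupId"), _txt(d, "artifactId"), _txt(d, "version")
        ver = resolve(raw)
        if not raw:
            if (g, a) not in managed_deps and not inherited:
                findings.append(("DEP_NO_VERSION", f"{g}:{a}"))
        elif ver.startswith(("[", "(")) or ver in ("LATEST", "RELEASE"):
            findings.append(("FLOATING_VERSION", f"{g}:{a}"))  # build not reproducible
        elif ver.endswith("-SNAPSHOT") and raw != "${project.version}":
            # Assumption: ${project.version} marks a sibling module released together.
            findings.append(("SNAPSHOT_DEP", f"{g}:{a}"))
    for p in root.findall("build/plugins/plugin"):
        g, a = _txt(p, "groupId") or DEFAULT_PLUGIN_GROUP, _txt(p, "artifactId")
        if not _txt(p, "version") and (g, a) not in managed_plugins and not inherited:
            findings.append(("PLUGIN_NO_VERSION", f"{g}:{a}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, coord in audit_pom(SAMPLE_POM):
        print(f"{rule:18} {coord}")
```
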
Thanks!
Ravi Soni
linkedin.com/in/rvsoni
