BOM for third-party libraries
A software bill of materials (software BOM) is a list of components in a piece of software. Software vendors often create products by assembling open source and commercial software components. The software BOM describes the components in a product. It is analogous to a list of ingredients on food packaging. (Wikipedia)
BOM in Magnolia
As an option, you may use a special BOM project to centralize
dependencies for third-party libraries instead of managing them in the
magnolia-main
module and some other modules such as magnolia-ui
and
rest
. This third-party BOM project is a plain Maven POM project whose
only responsibility is to manage the versions of third-party
dependencies in POM file such as
magnolia-external-dependencies-6.2.pom
.
To use a BOM in your project, include the following snippet as the very
first dependency in the dependencyManagement
section of the parent
poms and adjust the version
number accordingly.
<dependency>
<groupId>info.magnolia.boms</groupId>
<artifactId>magnolia-external-dependencies</artifactId>
<version>6.2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
For the version
number, use the latest version released for this
branch.
Currently it is 6.3.1. |
If you use the magnolia-main
parent (info.magnolia:magnolia-project
)
to manage the third-party dependencies as well, we recommend that you
use our third-party BOM for this in the future. You can apply the change
at any time you want.
Example of the dependencyManagement
section:
<dependencyManagement>
<dependencies>
<!-- 3rd-party BOM -->
<dependency>
<groupId>info.magnolia.boms</groupId>
<artifactId>magnolia-external-dependencies</artifactId>
<version>6.2</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!-- Module BOM -->
<dependency>
<groupId>info.magnolia.dx</groupId>
<artifactId>magnolia-dx-core-parent</artifactId>
<version>6.2</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
Best practice
The second dependency is usually a Magnolia parent POM (CE or DX Core) which functions as a Magnolia module BOM that manages all module versions in a particular release.
3rd-party libraries list
A list of licenses of third-party libraries used by Magnolia as part of the build is displayed in the Libraries license info tab of the About app.
On Magnolia Cloud, there is no other option to get an overview of these libraries and their licenses.
See also
-
Software bill of materials (English Wikipedia)
<dependency>
<groupId>info.magnolia.boms</groupId>
<artifactId>magnolia-external-dependencies</artifactId>
<version>6.2</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!-- Module BOM -->
<dependency>
<groupId>info.magnolia.dx</groupId>
<artifactId>magnolia-dx-core-parent</artifactId>
<version>6.2</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>