fix: prioritized handling of parentUuid

chore: updated maven dependencies

README.md

@@ -30,7 +30,32 @@ in the `pluginManagement` section of your POM to avoid repetition.
     </plugins>
 </pluginManagement>
 ```
+Especially if you're in a multi-module configuration you should additionally include the plugin
+in the regular build plugin section that contains `<inherited>false</inherited>`.
+This assures that your submodules reflect the parent/child hierarchy of your pom.  
 
+```xml
+<plugins>
+      <!-- Generate SBOM file -->
+      <plugin>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-maven-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <groupId>io.github.pmckeown</groupId>
+        <artifactId>dependency-track-maven-plugin</artifactId>
+        <inherited>false</inherited>
+        <configuration>
+          <!-- set either -->
+          <parentUuid>UUID_OF_PARENT_PROJECT_IN_DTRACK</parentUuid>
+          <!-- or -->
+          <parentName>NAME_OF_PARENT_PROJECT_IN_DTRACK</parentName>
+          <parentVersion>VERSION_OF_PARENT_PROJECT_IN_DTRACK</parentVersion>
+        </configuration>
+      </plugin>
+  </plugins>
+  ```
+
 **IMPORTANT** Dependency Track includes a front-end and an api-server component on different ports (defaulting to
 8080 and 8081 respectively). You must ensure that you target the api server component (8081) and not the front-end
 component URL in the `dependencyTrackBaseUrl` property.
@@ -208,6 +233,7 @@ Dependency-Track based on the metadata present in the BOM:
 
 **Notes:** 
 * This requires a CycloneDX BOM using Schema 1.2 or later.
+* required permission `PORTFOLIO_MANAGEMENT` if `updateProjectInfo` or `updateParent` is `true`
 * Not all information is visible in the Dependency-Track server UI.
 
 From Dependency-Track server 4.8.0 onwards, you can set the project parent by setting `updateParent` to `true`. The 

pom.xml

@@ -174,7 +174,7 @@
         <dependency>
             <groupId>org.apache.maven.plugin-tools</groupId>
             <artifactId>maven-plugin-annotations</artifactId>
-            <version>3.8.1</version>
+            <version>3.15.1</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -192,13 +192,13 @@
         <dependency>
             <groupId>com.github.tomakehurst</groupId>
             <artifactId>wiremock</artifactId>
-            <version>2.27.2</version>
+            <version>3.0.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.9.0</version>
+            <version>5.14.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -208,7 +208,7 @@
             <plugins>
                 <plugin>
                     <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.3.1</version>
+                    <version>3.4.0</version>
                 </plugin>
                 <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_maven-plugin_packaging -->
                 <plugin>
@@ -227,48 +227,48 @@
                 </plugin>
                 <plugin>
                     <artifactId>maven-plugin-plugin</artifactId>
-                    <version>3.9.0</version>
+                    <version>3.15.1</version>
                     <configuration>
                         <skipErrorNoDescriptorsFound>true</skipErrorNoDescriptorsFound>
                     </configuration>
                 </plugin>
                 <plugin>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.2.1</version>
+                    <version>3.5.2</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-jar-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.4.2</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.3</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.3</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-invoker-plugin</artifactId>
-                    <version>3.6.0</version>
+                    <version>3.8.1</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-source-plugin</artifactId>
-                    <version>3.2.1</version>
+                    <version>3.3.1</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-javadoc-plugin</artifactId>
-                    <version>3.4.1</version>
+                    <version>3.11.2</version>
                 </plugin>
                 <plugin>
                     <groupId>org.sonarsource.scanner.maven</groupId>
                     <artifactId>sonar-maven-plugin</artifactId>
-                    <version>3.9.1.2184</version>
+                    <version>5.0.0.4389</version>
                 </plugin>
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.10</version>
+                    <version>0.8.12</version>
                     <configuration>
                         <append>true</append>
                     </configuration>

src/main/java/io/github/pmckeown/dependencytrack/AbstractDependencyTrackMojo.java

@@ -137,8 +137,8 @@ public void setSkip(String skip) {
         this.skip = skip;
     }
 
-    public void setPollingConfig(PollingConfig commonConfig) {
-        this.pollingConfig = commonConfig;
+    public void setPollingConfig(PollingConfig pollingConfig) {
+        this.pollingConfig = pollingConfig;
     }
 
     protected void handleFailure(String message) throws MojoFailureException {

src/main/java/io/github/pmckeown/dependencytrack/CommonConfig.java

@@ -16,8 +16,9 @@
 @Singleton
 public class CommonConfig {
 
-    private String projectName;
-    private String projectVersion;
+    private String projectUuid="";
+    private String projectName="";
+    private String projectVersion="";
     private String dependencyTrackBaseUrl;
     private String apiKey;
     private PollingConfig pollingConfig;
@@ -34,6 +35,10 @@ public class CommonConfig {
 
     protected Logger logger = new Logger(new SystemStreamLog());
 
+    public String getProjectUuid() { return projectUuid; }
+
+    public void setProjectUuid(String projectUuid) { this.projectUuid = projectUuid; }
+
     public String getProjectName() {
         return projectName;
     }
@@ -94,31 +99,42 @@ public String getParentVersion() {
     }
 
     public void setParentVersion(String parentVersion) {
-        this.parentVersion = parentVersion;
+        if (StringUtils.isBlank(parentUuid)) {
+            this.parentVersion = parentVersion;
+        } else if (StringUtils.isNotBlank(parentUuid))
+            logger.info("parentUuid set so ignoring parentVersion: %s", parentVersion);
     }
 
-
     public String getParentUuid() { return parentUuid; }
 
-    public void setParentUuid(String parentUuid) { 
-        this.parentUuid = parentUuid; 
+    public void setParentUuid(String parentUuid) {
+        this.parentUuid = parentUuid;
+        if (StringUtils.isNotBlank(parentUuid)) {
+            logger.info("parentUuid set to: %s", parentUuid);
+            logger.info("clearing parentName and parentVersion");
+            this.setParentName(null);
+            this.setParentVersion(null);
+        }
     }
 
     public String getParentName() {
         return parentName;
     }
 
     public void setParentName(String parentName) {
-        this.parentName = parentName;
+        if (StringUtils.isBlank(parentUuid)) {
+            this.parentName = parentName;
+        } else if (StringUtils.isNotBlank(parentUuid))
+            logger.info("parentUuid set so ignoring parentName: %s", parentName);
     }
 
-    public boolean isUpdateParent() { return updateParent; }
+    public boolean getUpdateParent() { return updateParent; }
 
     public void setUpdateParent(boolean updateParent) {
         this.updateParent = updateParent;
     }
 
-    public boolean isUpdateProjectInfo() { return updateProjectInfo; }
+    public boolean getUpdateProjectInfo() { return updateProjectInfo; }
 
     public void setUpdateProjectInfo(boolean updateProjectInfo) { this.updateProjectInfo = updateProjectInfo; }
 

src/main/java/io/github/pmckeown/dependencytrack/finding/FindingsMojo.java

@@ -104,7 +104,7 @@ public FindingsMojo(ProjectAction projectAction, FindingsAction findingsAction,
     protected void performAction() throws MojoExecutionException, MojoFailureException {
         List<Finding> findings;
         try {
-            Project project = projectAction.getProject(commonConfig.getProjectName(), commonConfig.getProjectVersion());
+            Project project = projectAction.getProject(commonConfig);
             findings = findingsAction.getFindings(project);
             findingsPrinter.printFindings(project, findings);
             populateThresholdFromCliOptions();

src/main/java/io/github/pmckeown/dependencytrack/metrics/MetricsMojo.java

@@ -75,7 +75,7 @@ public MetricsMojo(MetricsAction metricsAction, ProjectAction getProjectAction,
     @Override
     public void performAction() throws MojoExecutionException, MojoFailureException {
         try {
-            Project project = getProjectAction.getProject(projectName, projectVersion);
+            Project project = getProjectAction.getProject(commonConfig);
             logger.debug("Project Details: %s", project.toString());
 
             Metrics metrics = getMetrics(project);

src/main/java/io/github/pmckeown/dependencytrack/policyviolation/PolicyViolationsMojo.java

@@ -68,7 +68,7 @@ public PolicyViolationsMojo(ProjectAction projectAction, PolicyViolationsReportG
     protected void performAction() throws MojoExecutionException, MojoFailureException {
         List<PolicyViolation> policyViolations;
         try {
-            Project project = projectAction.getProject(commonConfig.getProjectName(), commonConfig.getProjectVersion());
+            Project project = projectAction.getProject(commonConfig);
             policyViolations = policyAction.getPolicyViolations(project);
             policyViolationsPrinter.printPolicyViolations(project, policyViolations);
             boolean policyViolationsBreached = policyAnalyser.isAnyPolicyViolationBreached(policyViolations,

src/main/java/io/github/pmckeown/dependencytrack/project/DeleteProjectMojo.java

@@ -31,7 +31,7 @@ public DeleteProjectMojo(ProjectAction projectAction, CommonConfig commonConfig,
     @Override
     protected void performAction() throws MojoExecutionException, MojoFailureException {
         try {
-            Project project = projectAction.getProject(projectName, projectVersion);
+            Project project = projectAction.getProject(commonConfig);
 
             boolean success = projectAction.deleteProject(project);
 

src/main/java/io/github/pmckeown/dependencytrack/project/Project.java

@@ -56,9 +56,4 @@ public boolean isLatest() {
     public List<ProjectTag> getTags() {
         return tags;
     }
-
-    @Override
-    public String toString() {
-        return ToStringBuilder.reflectionToString(this, ToStringStyle.JSON_STYLE);
-    }
 }

src/main/java/io/github/pmckeown/dependencytrack/project/ProjectAction.java

@@ -1,5 +1,7 @@
 package io.github.pmckeown.dependencytrack.project;
 
+import com.networknt.schema.utils.StringUtils;
+import io.github.pmckeown.dependencytrack.CommonConfig;
 import io.github.pmckeown.dependencytrack.DependencyTrackException;
 import io.github.pmckeown.dependencytrack.Item;
 import io.github.pmckeown.dependencytrack.Response;
@@ -34,17 +36,39 @@ public ProjectAction(ProjectClient projectClient, BomParser bomParser, Logger lo
         this.logger = logger;
     }
 
-    public Project getProject(String projectName, String projectVersion) throws DependencyTrackException {
+    public Project getProject(CommonConfig commonConfig) throws DependencyTrackException {
+        return getProject(
+            commonConfig.getProjectUuid(),
+            commonConfig.getProjectName(),
+            commonConfig.getProjectVersion());
+    }
+
+    public Project getProject(String uuid) throws DependencyTrackException {
+        return getProject(uuid, "", "");
+    }
+
+    public Project getProject(String name, String version) throws DependencyTrackException {
+        return getProject("", name, version);
+    }
+
+    public Project getProject(String uuid, String name, String version) throws DependencyTrackException {
         try {
-            Response<Project> response = projectClient.getProject(projectName, projectVersion);
+            Response<Project> response = projectClient.getProject(uuid, name, version);
 
             if (response.isSuccess()) {
                 Optional<Project> body = response.getBody();
                 if (body.isPresent()) {
                     return body.get();
                 } else {
-                    throw new DependencyTrackException(
-                        format("Requested project not found: %s-%s", projectName, projectVersion));
+                    if (StringUtils.isBlank(uuid)) {
+                        throw new DependencyTrackException(
+                            format("Requested project not found by UUUID: %s", uuid)
+                        );
+                    } else {
+                        throw new DependencyTrackException(
+                            format("Requested project not found by name/version: %s-%s", name, version)
+                            );
+                    }
                 }
             } else {
                 logger.error("Failed to list projects with error from server: " + response.getStatusText());

src/main/java/io/github/pmckeown/dependencytrack/project/ProjectClient.java

@@ -9,6 +9,7 @@
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.util.Optional;
+import org.apache.commons.lang3.StringUtils;
 
 import static io.github.pmckeown.dependencytrack.ResourceConstants.V1_PROJECT_UUID;
 import static io.github.pmckeown.dependencytrack.ResourceConstants.V1_PROJECT_LOOKUP;
@@ -31,13 +32,13 @@ public ProjectClient(CommonConfig commonConfig) {
         this.commonConfig = commonConfig;
     }
 
-    public Response<Project> getProject(String projectName, String projectVersion) {
-        HttpResponse<Project> httpResponse = get(commonConfig.getDependencyTrackBaseUrl() + V1_PROJECT_LOOKUP)
-            .queryString("name", projectName)
-            .queryString("version", projectVersion)
-            .header(X_API_KEY, commonConfig.getApiKey())
-            .asObject(new GenericType<Project>() {
-            });
+    public Response<Project> getProject(String projectUuid, String projectName, String projectVersion) {
+        HttpResponse<Project> httpResponse;
+        if (StringUtils.isNotBlank(projectUuid)) {
+            httpResponse = getProjectByUuid(projectUuid);
+        } else {
+            httpResponse = getProjectByNameAndVersion(projectName, projectVersion);
+        }
         Optional<Project> body;
         if (httpResponse.isSuccess()) {
             body = Optional.of(httpResponse.getBody());
@@ -47,6 +48,23 @@ public Response<Project> getProject(String projectName, String projectVersion) {
         return new Response<>(httpResponse.getStatus(), httpResponse.getStatusText(), httpResponse.isSuccess(), body);
     }
 
+    private HttpResponse<Project> getProjectByNameAndVersion(String projectName, String projectVersion) {
+        return get(commonConfig.getDependencyTrackBaseUrl() + V1_PROJECT_LOOKUP)
+            .queryString("name", projectName)
+            .queryString("version", projectVersion)
+            .header(X_API_KEY, commonConfig.getApiKey())
+            .asObject(new GenericType<Project>() {
+            });
+    }
+
+    private HttpResponse<Project> getProjectByUuid(String uuid) {
+        return get(commonConfig.getDependencyTrackBaseUrl() + V1_PROJECT_UUID)
+            .routeParam("uuid", uuid)
+            .header(X_API_KEY, commonConfig.getApiKey())
+            .asObject(new GenericType<Project>() {
+            });
+    }
+
     Response<Void> deleteProject(Project project) {
         HttpResponse<?> httpResponse = delete(commonConfig.getDependencyTrackBaseUrl() + V1_PROJECT_UUID)
                 .routeParam("uuid", project.getUuid())

src/main/java/io/github/pmckeown/dependencytrack/score/ScoreAction.java

@@ -26,7 +26,7 @@ class ScoreAction {
 
     private ProjectClient projectClient;
     private MetricsAction metricsAction;
-    private CommonConfig commonConfig;
+    private CommonConfig commonConfig = new CommonConfig();
     private Logger logger;
 
     @Inject
@@ -40,7 +40,7 @@ public ScoreAction(ProjectClient projectClient, MetricsAction metricsAction, Com
 
     Integer determineScore(Integer inheritedRiskScoreThreshold) throws DependencyTrackException {
         try {
-            Response<Project> response = projectClient.getProject(commonConfig.getProjectName(), commonConfig.getProjectVersion());
+            Response<Project> response = projectClient.getProject(commonConfig.getProjectUuid(), commonConfig.getProjectName(), commonConfig.getProjectVersion());
 
             Optional<Project> body = response.getBody();
             if (response.isSuccess() && body.isPresent()) {
@@ -89,4 +89,11 @@ private void printInheritedRiskScore(Project project, int inheritedRiskScore, In
         }
         logger.info(DELIMITER);
     }
+
+    /*
+     * Setters for dependency injection in tests
+     */
+    void setCommonConfig(CommonConfig commonConfig) {
+        this.commonConfig = commonConfig;
+    }
 }