Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
diversify-mvn
Automatically diversify Maven projects using Docker by mutating dependency versions
diversify-mvn creates mutants of a given Maven project by modifying the versions of its dependencies.
For each mutant it builds a Docker image from the project's Dockerfile (which must be at the root of the project) and tries to run it.
If docker run mutant-image exits with status 0, the mutant counts as a success; any other exit status counts as a failure.
From npm
npm i -g diversify-mvn
From source
git clone git@github.com:maxleiko/diversify-mvn.git
cd diversify-mvn
npm install
npm run build
npm link
Run the tool with the path to a JSON config file:
diversify-mvn config.json
The config file follows this TypeScript interface:
export interface Config {
appPath: string; // where to find the Java project to diversify
versionsCount: number; // the "range" of versions to do mutations on
engines: Dockerode.DockerOptions[]; // cf. dockerode doc
pomPath?: string; // default: ''
outputDir?: string; // default: '.results'
blacklist?: string[]; // default: []
mutantsLimit?: number; // default: nbGroups^(versionsCount+1)
containerOptions?: Dockerode.ContainerCreateOptions; // default: {}
taskTimeout?: number; // default: 1500
overwriteContainer?: boolean; // default: false
}
Dockerode.DockerOptions and Dockerode.ContainerCreateOptions come from dockerode.
Example:
{
"appPath": "java-websocket",
"versionsCount": 2,
"engines": [
{ "socketPath": "/var/run/docker.sock" },
{ "host": "10.0.0.1", "port": 2375 },
{ "host": "10.0.0.2", "port": 2375 },
{ "host": "10.0.0.3", "port": 2375 }
]
}
Each engine entry is one Docker daemon the mutants are built and run on, so the work is spread across several hosts. Note that port 2375 is the Docker API over plain, unauthenticated TCP, and anyone who can reach it gets root-equivalent control of that host; only use it on an isolated network, or configure TLS on the daemon (port 2376) and pass dockerode's ca, cert and key options in the engine entry.
Sometimes you do not want some dependencies to be diversified; for that there is the "blacklist" option.
Blacklist is an array of strings:
{
"blacklist": [
"groupId:artifactId",
"allThatGroupId"
]
}
In this example, the dependency groupId:artifactId will not be changed by the program, and neither will any dependency whose groupId is allThatGroupId.
To see what the tool is doing, enable its debug logging through the DEBUG environment variable:
DEBUG=diversify-mvn:* diversify-mvn config.json
If you want to go further in the diversification of your mutants, you can add Polyverse.io to your Docker images. This replaces every package currently installed in the image (only Ubuntu, CentOS and Alpine are supported) with a diversified build of the same package.
To add this layer of diversification, add these lines to your Dockerfile, depending on the base image:
Ubuntu (apt):
...
RUN curl https://repo.polyverse.io/install.sh | sh -s czcw7pjshny8lzzog8bgiizfr
RUN apt-get update && apt-get -y --allow-change-held-packages install --reinstall $(dpkg --get-selections | awk '{print $1}')
...
Alpine (apk):
...
RUN curl https://repo.polyverse.io/install.sh | sh -s czcw7pjshny8lzzog8bgiizfr
RUN sed -n -i '/repo.polyverse.io/p' /etc/apk/repositories && apk upgrade --update-cache --available
...
CentOS (yum):
...
RUN curl https://repo.polyverse.io/install.sh | sh -s czcw7pjshny8lzzog8bgiizfr
RUN yum reinstall -y \*
...
Note that these lines pipe a remote installer straight into sh during the image build, and the argument after sh -s is the token shipped in this README. Treat both as third-party input: fetch and review the script (or pin a checksummed copy) before using it in images you intend to run outside the experiment.
FAQs
We found that diversify-mvn demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.