BOM for third-party libraries

A software bill of materials (software BOM) is a list of components in a piece of software. Software vendors often create products by assembling open source and commercial software components. The software BOM describes the components in a product. It is analogous to a list of ingredients on food packaging. (Wikipedia)

BOM in Magnolia

As an option, you may use a special BOM project to centralize dependencies for third-party libraries instead of managing them in the magnolia-main module and some other modules such as magnolia-ui and rest. This third-party BOM project is a plain Maven POM project whose only responsibility is to manage the versions of third-party dependencies in POM file such as magnolia-external-dependencies-6.2.pom.

To use a BOM in your project, include the following snippet as the very first dependency in the dependencyManagement section of the parent poms and adjust the version number accordingly.

  <dependency>
   <groupId>info.magnolia.boms</groupId>
   <artifactId>magnolia-external-dependencies</artifactId>
   <version>6.2</version>
   <type>pom</type>
   <scope>import</scope>
  </dependency>

For the version number, use the latest version released for this branch.

Currently it is 6.3.6.

If you use the magnolia-main parent (info.magnolia:magnolia-project) to manage the third-party dependencies as well, we recommend that you use our third-party BOM for this in the future. You can apply the change at any time you want.

Example of the dependencyManagement section:

  <dependencyManagement>
    <dependencies>
      <!-- 3rd-party BOM -->
      <dependency>
        <groupId>info.magnolia.boms</groupId>
        <artifactId>magnolia-external-dependencies</artifactId>
        <version>6.2</version>
        <scope>import</scope>
        <type>pom</type>
      </dependency>

      <!-- Module BOM -->
      <dependency>
        <groupId>info.magnolia.dx</groupId>
        <artifactId>magnolia-dx-core-parent</artifactId>
        <version>6.2</version>
        <scope>import</scope>
        <type>pom</type>
      </dependency>
    </dependencies>
  </dependencyManagement>

Best practice

The second dependency is usually a Magnolia parent POM (CE or DX Core) which functions as a Magnolia module BOM that manages all module versions in a particular release.

3rd-party libraries list

A list of licenses of third-party libraries used by Magnolia as part of the build is displayed in the Libraries license info tab of the About app.

On Magnolia Cloud, there is no other option to get an overview of these libraries and their licenses.

See also

  <dependency>
    <groupId>info.magnolia.boms</groupId>
    <artifactId>magnolia-external-dependencies</artifactId>
    <version>6.2</version>
    <scope>import</scope>
    <type>pom</type>
  </dependency>

  <!-- Module BOM -->
  <dependency>
    <groupId>info.magnolia.dx</groupId>
    <artifactId>magnolia-dx-core-parent</artifactId>
    <version>6.2</version>
    <scope>import</scope>
    <type>pom</type>
  </dependency>
</dependencies>
Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules